Explore novel vulnerabilities and exploitation techniques for bypassing Linux syscall tracing in this 38-minute Black Hat conference talk. Learn how user mode programs can reliably avoid system call tracing detections without special privileges or capabilities, even when seccomp, SELinux, and AppArmor are enforced. Presented by Rex Guo and Junyuan Zeng, this session delves into the intricacies of exploiting these vulnerabilities, providing valuable insights for security professionals and researchers interested in Linux system security.
Trace Me if You Can - Bypassing Linux Syscall Tracing
Overview
Syllabus
Trace Me if You Can: Bypassing Linux Syscall Tracing
Taught by
Black Hat
Related Courses
-
Fixing a Memory Forensics Blind Spot - Linux Kernel Tracing
-
Fuzzing the Native NTFS Read-Write Driver - NTFS3 - in the Linux Kernel
-
Ret2dir - Deconstructing Kernel Isolation
-
BlueBorne - A New Class of Airborne Attacks that can Remotely Compromise Any Linux - IoT Device
-
Message in a Broken Bottle - Exploring the Linux IPC Attack Surface
