Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Exploring Syscall Evasion - Linux Shell Builtins

This is the first article in a series focusing on syscall evasion as a means to work around detection by security tools and what we can do to combat such efforts. We’ll be starting out the series discussing how this applies to Linux operating systems, but this is a technique that applies to Windows as well, and we’ll touch on some of this later on in the series. In this particular installment, we’ll be discussing syscall evasion with bash shell builtins.

Kernel Introspection from Linux to Windows

The cybersecurity landscape is undergoing a significant shift, moving from security tools monitoring applications running within userspace to advanced, real-time approaches that monitor system activity directly and safely within the kernel by using eBPF. This evolution in kernel introspection is particularly evident in the adoption of projects like Falco, Tetragon, and Tracee in Linux environments.

The Impending EOL of CentOS 7: What You Need to Know and How to Prepare

CentOS 7 has been a popular choice for many businesses and developers due to its stability, robustness, and compatibility with enterprise-level applications. According to W3Techs, CentOS is used by 2.8% of all the websites whose operating system is known. However, as announced on the official CentOS blog, the end of life (EOL) for CentOS 7 is fast approaching. This means that after June 30, 2024, CentOS 7 will no longer receive official support, updates, or security patches.

Container Security Fundamentals - Linux Namespaces (Part 2): The PID Namespace

In this video we continue our examination of Linux namespaces by looking at some details of how the PID namespace can be used to isolate a container’s view of processes running on the host, and how this feature can be used for troubleshooting container problems. To learn more read our blog on Datadog’s Security Labs site.

Container Security Fundamentals - Linux namespaces part 1: The mount namespace

One of the technologies used by Linux containers to provide an isolated environment, is namespaces. They are used to provide a contained process with an isolated view of different Linux resources. In this video we look at some of the details of how Linux namespaces work and then take a more detailed look at the mount namespace which isolates a processes' view of its filesystem.

The Linux Crypto API for user applications

In this post we will explore Linux Crypto API for user applications and try to understand its pros and cons. The Linux Kernel Crypto API was introduced in October 2002. It was initially designed to satisfy internal needs, mostly for IPsec. However, in addition to the kernel itself, user space applications can benefit from it.