ebpf - Aqua
https://www.aquasec.com/tag/ebpf/
Cloud Native Security, Container Security & Serverless Security
Thu, 11 Apr 2024 07:44:39 +0000

Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability
https://www.aquasec.com/blog/deep-analysis-of-the-dirty-pipe-vulnerability/
Wed, 14 Dec 2022 11:00:00 +0000
Dirty Pipe (CVE-2022-0847) proved that there is a new way to exploit Linux syscalls to write to files with read-only privileges. The fact that someone can write to a file regardless of its permissions is a big security threat. An application of this vulnerability would be to write on the host from an unprivileged …

Combat Zero-Day Threats with Aqua’s New eBPF Lightning Enforcer
https://www.aquasec.com/blog/combat-zero-day-threats-with-aquas-ebpf-lightning-enforcer/
Tue, 22 Nov 2022 11:00:00 +0000
We are excited to announce the latest addition to our portfolio, our eBPF-based Aqua Lightning Enforcer. It’s designed for busy security professionals to detect zero-day attacks and sophisticated threats that occur in runtime. It utilizes eBPF technology, making it more effective, safer, and faster. The new Lightning Enforcer and our Runtime Protection solution is an …

Unveiling CNDR: eBPF-Based Cloud Native Detection and Response
https://www.aquasec.com/blog/cndr-ebpf-cloud-native-detection-and-response/
Wed, 13 Oct 2021 10:01:00 +0000
Today, Aqua announced the addition of a new, industry-leading detection and response capability to its Cloud Native Application Protection Platform (CNAPP), called Cloud Native Detection and Response (CNDR). CNDR uses real-time behavioral indicators from Aqua’s cyber research team, Nautilus, to identify zero-day attacks from low-level eBPF events surfaced by Aqua’s open source project Tracee. Combined …

The Story of Tracee: The Path to Runtime Security Tool
https://www.aquasec.com/blog/open-source-container-runtime-security/
Thu, 07 Oct 2021 13:59:57 +0000
eBPF technology is seeing strong growth, being widely adopted in the cloud native ecosystem for monitoring, networking, and security goals. At Aqua, along with being used in commercial products, eBPF powers our open source project Tracee to detect events in running containers. Recently, we released Tracee version 0.6.0, which brings many new features, improves Tracee-eBPF’s …

Using CO:RE to Achieve Portable Tracee eBPF Code
https://www.aquasec.com/blog/ebf-portable-code/
Thu, 02 Sep 2021 13:26:52 +0000
One of the biggest challenges of eBPF development is distribution of your eBPF project. With so many different versions of the Linux kernel out in the wild, it seems like an impossible task to compile your eBPF program against all of them to ensure compatibility. However, by using CO:RE, a feature of libbpf, this gets …

Using LSM Hooks with Tracee to Overcome Gaps with Syscall Tracing
https://www.aquasec.com/blog/linux-vulnerabilitie-tracee/
Thu, 27 May 2021 10:07:51 +0000
Tracee is an open source runtime security and forensics tool for Linux, built to address common Linux security issues. By leveraging the advantages of Linux extended Berkeley Packet Filter (eBPF) technology to trace systems and applications at runtime, Tracee analyzes collected events to detect suspicious behavioral patterns. In this blog, I’ll share the lessons we …

Detecting Malicious Activity in CI/CD Pipeline with Tracee
https://www.aquasec.com/blog/cicd-pipeline-security-tool-tracee/
Wed, 12 May 2021 09:04:28 +0000
With the growing popularity of CI platforms to build software, bad actors are increasingly looking to exploit these environments to target organizations. In our post about the recent Codecov breach, we explored how an attacker was able to get access to credentials from within the CI/CD pipeline. To prevent this from happening, you need to …

How to Build eBPF Programs with libbpfgo
https://www.aquasec.com/blog/libbpf-ebpf-programs/
Tue, 06 Apr 2021 14:30:00 +0000
In recent years, I have been using a project called BCC to compile, load, and interact with my bpf programs. I have recently learned about a better way to build ebpf projects called libbpf. There are a few good resources to use when developing libbpf based programs but getting started can still be quite …

What is vmlinux.h and Why is It Important for Your eBPF Programs?
https://www.aquasec.com/blog/vmlinux-h-ebpf-programs/
Tue, 30 Mar 2021 09:34:18 +0000
eBPF is a powerful and exciting technology that allows developers to add custom code to strategic points in the Linux kernel and interact with it by writing simple C or Go programs. The eBPF programs you write and run can inspect data in the memory of processes they attach to. In order to do so, …