Spoke about Falco
Spoke about Runtime Security
Found bypasses
Spoke at KubeCon | CloudNativeCon
Gave a talk at KubeCon North America 2020 on how to circumvent the tool that I build.
It was a huge success with a lot of mentions and endorsements on Twitter.
Mentioned as one of the best talks of that KubeCon by the press after the event.

Bypass Falco


The main goal of Falco is to detect malicious behaviors at runtime and alert you about anything undesirable happening inside your machines. Maybe you trust it as your last line of defense in today’s cloud-native environments, and as a consequence, you sleep like a log.

Well, I’m a Falco maintainer, and I definitely wouldn’t.
Ok, I generally don’t trust anything and still manage to sleep soundly, but that’s a topic for another conversation.

You shouldn’t trust Falco. You shouldn’t trust any tool by default.

During this session, we’re gonna explore how to bypass Falco, leaving us like sitting ducks, defenseless.
How? By circumventing the ability of the Falco kernel module or its eBPF probe to trace the syscalls happening in your Linux kernels.

Join this talk to get to know the details, and participate in this next-level collective drama.