Linux Kernel Journey
Oct 31, 2024 · Information Security
A New Perspective on eBPF Security: Auditing Complex Attack Techniques
This article demonstrates how to use eBPF to audit fileless command‑execution attacks and reverse‑shell techniques by tracing memfd_create, Kprobe/LSM hooks, dup2 redirections, and related kernel functions, providing concrete code examples and analysis of the detection logic.
Tags: Kprobe · LSM · Linux security
