Rafael David Tinoco

Results 222 comments of Rafael David Tinoco

I still intend to fix any issue this PR might have with github tests and create 1 extension as an example (outside the core extension). Hopefully will be able to...

About adding tests in open-source: https://github.com/aquasecurity/tracee/issues/3602#issuecomment-1783849922 for all hook events.

> My assumption is that it's cleaned memory-wise, but not kallsyms-wise, then the memory is reused and there're 2 different symbols in kallsyms sitting in the same address. You might...

We are aware of that. This is related to https://github.com/aquasecurity/tracee/issues/617. Since then we added events such as `security_bpf`, `security_bpf_map`, `bpf_attach`, `security_bpf_prog`. We can only know if any other process has...

@agadient so, are you differentiating the attacks from privileged and non-privileged points of view? Because any runtime tool, from the moment the user has privileges, is already condemned (but alerting...

> I don't think that this is a wise idea. If someone is trying to deliberately bypass Tracee, then he will probably go over all of the OS signatures as...

Closing this one per last comment. Sorry for the trouble, again.

I can't reproduce and it was likely for that based on our recent issues. Closing.

Is there any interest in continuing this work? I'm afraid we did not have enough time to rebase and fix the issues, I'll keep it open for some time to...