You can find #Linux malware masquerading as a kernel thread using this command:cat /proc//mapsI'm going to show you how in this thread. #DFIR #sandflysecurity pic.twitter.com/E49dIQ06nC— Craig Rowland - Agentless Linux Security (@CraigHRowland) February 25, 2020

Threat-hunting tool for Linux. Contribute to 0xrawsec/kunai development by creating an account on GitHub.

What is eBPF ? born out of a need for a better Linux tracing tool. first released in a limited capacity in 2014 with Linux 3.18, making full use of eBPF at least Linux 4.4 or above eBPF can run sandboxed programs in the Linux kernel without changin...