#Seccomp

Manu TooManySecrets

@sotomonte.net

1 week ago

Capsicum vs seccomp — capability vs syscall‑based sandboxing #FreeBSD #Linux #capsicum #seccomp
vivianvoss.net/blog/capsicu...

DevOpsCon | Community & Conferences

@devopscon.bsky.social

4 months ago

⚠️ Your #containers aren't as safe as you think.

In his article, Andreas Jaekel shows how #Syscall filtering and #Seccomp make #Kubernetes safer — right at the kernel level.

✋How to stop attacks before they start: https://f.mtr.cool/ajxzitppqh

#PlatformEngineering  #DevSecOps #Security

Kubernetes

@kubernetes.activitypub.awakari.com.ap.brid.gy

5 months ago

[Перевод] Как защитить Kubernetes на уровне ядра Linux Как защитить Kubernetes, если злоумышленник попытается выбраться ...

#security #contexts #apparmor #seccomp #kubernetes #no-root #containers #linux #namespace #runAsUser #безопасность

Origin | Interest | Match

GetNews.me

@getnews-me.bsky.social

5 months ago

Fine-Grained Seccomp Profiling Boosts Security for IoT Devices

Static analysis creates fine‑grained Seccomp profiles for IoT devices, blocking unused syscalls and restricting arguments. The method was accepted by IEEE Internet of Things Journal (2023). getnews.me/fine-grained-seccomp-pro... #seccomp #security

GetNews.me

@getnews-me.bsky.social

5 months ago

Static and Dynamic Analysis Cuts Linux Kernel Attack Surface

Sysverify merges static inspection with dynamic verification to tighten seccomp filters, cutting the allowed syscall list below Docker’s default of ~50 while keeping containers functional. Read more: getnews.me/static-and-dynamic-analy... #seccomp #linux

linux

@linux.activitypub.awakari.com.ap.brid.gy

6 months ago

Строим лабораторию по исследованию вирусов с eBPF и другими Хабр, всем привет! Когда инфраструктура созрела д...

#linux #вирус #песочница #sandbox #ebpf #seccomp #podman #виртуализация #tcpdump #iptables

Origin | Interest | Match

linux

@linux.activitypub.awakari.com.ap.brid.gy

7 months ago

Secure Coding Part 9— Command Injection Attack: Python exec() & Seccomp to the rescue Command Injection is one of those vulnerabilities that can turn a single HTTP request into full server co...

#command-injection #application-security #seccomp #python-security #secure-coding

Origin | Interest […]

@alegrey91.bsky.social

1 year ago

GitHub - alegrey91/harpoon: 🔍 Trace syscalls from user-space functions, by using eBPF 🔍 Trace syscalls from user-space functions, by using eBPF - alegrey91/harpoon

I released a new version of harpoon (v0.9.5)!
Check it out here github.com/alegrey91/harpoon.
harpoon traces syscalls from user-defined functions to generate Seccomp profiles.
#seccomp #ebpf #golang #security #hardening

Rene Robichaud

@neroqc.bsky.social

1 year ago

Policy as code in Kubernetes: security with seccomp & network policies Learn how by embracing PaC you can ensure your Kubernetes environments are secure against today’s ever-changing landscape of cyber threats.

Policy as code in Kubernetes: security with seccomp and network policies
www.armosec.io/blog/policy-...
#Infosec #Security #Cybersecurity #CeptBiro #PolicyAsCodeInKubernetes #Seccomp #NetworkPolicies