Loading…
Virtual Event
November 17–November 20, 2020
Learn More and Register to Attend This Event

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2020 - Virtual to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Standard Time (UTC–05:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Friday, November 20 • 3:10pm - 3:45pm
Bypass Falco - Leonardo Di Donato, Sysdig

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.


The main goal of Falco is to detect malicious behaviors at runtime and alert you about anything undesirable happening inside your machines. Maybe you trust it as your last line of defense in today’s cloud-native environments, and as a consequence, you sleep like a log. Well, I’m a Falco maintainer, and I definitely wouldn’t. Ok, I generally don’t trust anything and still manage to sleep soundly, but that’s a topic for another conversation. You shouldn’t trust Falco. You shouldn’t trust any tool by default. During this session, we’re gonna explore how to bypass Falco and leave us like sitting ducks, defenseless. How? By circumventing the ability of the Falco kernel module or its eBPF probe to trace the syscalls happening into your Linux kernels. Join this talk to get to know the details, and participate in this next-level collective drama.

Speakers
avatar for Leonardo Di Donato

Leonardo Di Donato

Open Source Software Engineer, Sysdig
Leo is an Open Source Software Engineer at Sysdig in the Office of the CTO, where he's in charge of the Open Source methodologies and projects. He's a core maintainer of Falco, a Cloud Native tool for runtime security incubated by the CNCF. He is also involved in the Linux Foundation's... Read More →



Friday November 20, 2020 3:10pm - 3:45pm EST
Intrado Virtual Event Platform