Saturday Sunset 6 12:00 – 13:50

Mark Ignacio

bedr

bedr is a Linux syscall monitor built on Berkeley Packet Filter (BPF) programs that hook the kernel via tracepoints. It collects the holy trinity of EDR data (proc events, filemods, and netconns) and ships them off to somewhere else for off-machine detection and response. Basically, it's half of what you need to make an EDR!

Target Audience: Defense, Linux

Link(s): https://github.com/mark-ignacio/bedr

Mark is a security engineer who does operating system security things on Windows and Linux. He likes coding in Go a lot and is a consistent believer that this year will be the Year of Linux on the Desktop.
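As an added example (not code from bedr), here is the first step any tracepoint-based collector performs: reading the kernel's `format` file for a tracepoint such as `syscalls/sys_enter_execve` to learn the field offsets its BPF program will see, then decoding one raw context record into a proc event. The format text is a constructed copy of a typical x86_64 layout, and the ID, pid and pointer values are made up.

```python
import re
import struct

# Constructed copy of /sys/kernel/tracing/events/syscalls/sys_enter_execve/format.
# Field layout matches a typical x86_64 kernel; the ID value is made up.
EXECVE_FORMAT = """\
name: sys_enter_execve
ID: 716
format:
\tfield:unsigned short common_type;\toffset:0;\tsize:2;\tsigned:0;
\tfield:unsigned char common_flags;\toffset:2;\tsize:1;\tsigned:0;
\tfield:unsigned char common_preempt_count;\toffset:3;\tsize:1;\tsigned:0;
\tfield:int common_pid;\toffset:4;\tsize:4;\tsigned:1;

\tfield:int __syscall_nr;\toffset:8;\tsize:4;\tsigned:1;
\tfield:const char * filename;\toffset:16;\tsize:8;\tsigned:0;
\tfield:const char *const * argv;\toffset:24;\tsize:8;\tsigned:0;
\tfield:const char *const * envp;\toffset:32;\tsize:8;\tsigned:0;

print fmt: "filename: 0x%08lx, argv: 0x%08lx, envp: 0x%08lx", ((unsigned long)(REC->filename)), ((unsigned long)(REC->argv)), ((unsigned long)(REC->envp))
"""

FIELD_RE = re.compile(r"field:(?P<type>.+?)\s+(?P<name>\w+);\s*offset:(?P<offset>\d+);\s*size:(?P<size>\d+);\s*signed:(?P<signed>[01]);")

def parse_format(text):
    """Return (event name, list of field dicts) from a tracepoint `format` file."""
    name, fields = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("name:"):
            name = line.split(":", 1)[1].strip()
            continue
        m = FIELD_RE.search(line)
        if m:
            f = m.groupdict()
            f["offset"], f["size"], f["signed"] = int(f["offset"]), int(f["size"]), f["signed"] == "1"
            fields.append(f)
    return name, fields

_INT_CODES = {1: "b", 2: "h", 4: "i", 8: "q"}  # struct codes by field size (signed)

def decode_record(raw, fields):
    """Unpack one little-endian tracepoint context record into {field name: int}.
    Pointer fields (filename, argv, envp) decode to user-space addresses; a BPF
    program would follow them with bpf_probe_read_user_str before emitting the event."""
    out = {}
    for f in fields:
        code = _INT_CODES[f["size"]]
        (out[f["name"]],) = struct.unpack_from("<" + (code if f["signed"] else code.upper()), raw, f["offset"])
    return out

def sample_record():
    """Constructed 40-byte record shaped like the ctx a BPF program gets on sys_enter_execve."""
    buf = bytearray(40)
    struct.pack_into("<HBBi", buf, 0, 716, 0, 0, 4242)       # common header, pid 4242
    struct.pack_into("<i", buf, 8, 59)                        # __syscall_nr: execve is 59 on x86_64
    struct.pack_into("<QQQ", buf, 16, 0x7FFD0000, 0x7FFD0100, 0x7FFD0200)  # made-up user pointers
    return bytes(buf)
```

On a live system the same parser can be pointed at the real `format` file, which is why collectors that read it survive kernel versions that shuffle field offsets.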