Saturday Sunset 6 12:00 – 13:50
Mark Ignacio
bedr
bedr is a Linux syscall monitor that uses Berkeley Packet Filters that hook via kernel tracepoints. It collects the holy trinity of EDR data – proc events, filemods, and netconns – and ships them off to somewhere else for off-machine detection and response. Basically, it’s half of what you need to make an EDR!
Target Audience: Defense, Linux
Link(s): https://github.com/mark-ignacio/bedr
Mark is a security engineer that does operating system security things on Windows and Linux. He likes coding in Go a lot and is a consistent believer that this year will be the Year of Linux on the Desktop.