How to secure things by tracing signals from the Kernel up?
Falco provides runtime security through a driver, either a kernel module or an eBPF probe, that captures the syscalls made by userspace processes into a ring buffer shared with userspace, where the Falco engine evaluates each event against its rules.
This is the deck for my talk given at BSides Athens 2020.
Google drive version: https://bit.ly/falco-talk-bsidesath-2020
ASCIINEMA: https://bit.ly/falco-isopenexec-container-cast
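To show how the syscall stream described above turns into an alert, here is a small Falco rules file added as an example. It is not taken from the talk deck or from the Falco project's default ruleset; the list, macro and rule names are my own, and the field names (`evt.type`, `evt.dir`, `container.id`, `proc.name`, `fd.name`, `evt.is_open_write`) are standard Falco filter fields.

```yaml
# Added example rules, not from the talk or Falco's default ruleset.
# Load with: falco -r these_rules.yaml

- list: example_shell_binaries
  items: [bash, sh, zsh, dash, ash]

# An event belongs to a container when the driver tags it with a
# container id other than the literal "host".
- macro: example_in_container
  condition: container.id != host

# execve/execveat in the exit direction ("<") is the point at which the
# new program image is in place, so proc.name is the spawned binary.
- macro: example_spawned_process
  condition: evt.type in (execve, execveat) and evt.dir = <

# open/openat exits with a write flag on a regular file descriptor.
- macro: example_open_write
  condition: >
    evt.type in (open, openat) and evt.dir = < and
    evt.is_open_write = true and fd.typechar = 'f' and fd.num >= 0

- rule: Example shell spawned in container
  desc: A shell binary was exec'd inside a container.
  condition: >
    example_spawned_process and example_in_container and
    proc.name in (example_shell_binaries)
  output: >
    Shell spawned in container
    (user=%user.name container=%container.name
    image=%container.image.repository parent=%proc.pname
    cmdline=%proc.cmdline)
  priority: WARNING
  tags: [container, shell, example]

- rule: Example write below /etc in container
  desc: A process inside a container opened a file under /etc for writing.
  condition: >
    example_open_write and example_in_container and
    fd.name startswith /etc/
  output: >
    File below /etc opened for writing in container
    (user=%user.name container=%container.name file=%fd.name
    proc=%proc.name cmdline=%proc.cmdline)
  priority: ERROR
  tags: [container, filesystem, example]
```

Running `falco -r these_rules.yaml` and then `docker run --rm -it alpine sh` in another terminal produces the first alert; `echo x >> /etc/hosts` inside that shell produces the second. Both rules key on the syscall exit (`evt.dir = <`), because on entry the process name and file descriptor are not yet resolved.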