Detecting application behavior by monitoring library and system calls is a popular technique employed by AppSec tools. These tools can monitor and log activity, block API requests, and so on. In this workshop, you will learn some techniques to keep your activities hidden from these types of tools: using uncommon or unmonitored APIs, using unmonitored processes as confused deputies, and other approaches. You will learn how popular monitoring frameworks like eBPF work and how to circumvent their monitoring capabilities.
Mike Larkin is Founder/CTO of Deepfactor. He’s a serial entrepreneur, having been Founder/CTO at RingCube (acquired by Citrix). Mike is the author of the OpenBSD Hypervisor VMM and holds numerous patents.