110 Followers
11 Following
63 Posts

Open-Source infosec R&D #DFIR #ThreatHunting oriented using #golang, #rustlang and #python

No need to follow the Twitter/X account, sooner or later it will not be updated anymore

GitHub: https://github.com/0xrawsec
Twitter/X: https://twitter.com/0xrawsec
Website: https://rawsec.lu
Kunai progress! 🔥 Currently deep into custom detection rule implementation – enhancing security with precision. Available soon on GitHub: https://github.com/0xrawsec/kunai 🔍 Use it for #malware detection and #threathunting on #linux #blueteam
GitHub - 0xrawsec/kunai: Threat-hunting tool for Linux

Threat-hunting tool for Linux. Contribute to 0xrawsec/kunai development by creating an account on GitHub.

GitHub
🚀 Update on Kunai! I've just added a crucial security monitoring feature: File Unlink events. Now, stay one step ahead with real-time file deletion events. Enhance your security game! Check it out 👉 https://github.com/0xrawsec/kunai #ThreatHunting #SOC #BlueTeam
A new event will be in Kunai (https://github.com/0xrawsec/kunai) when a process uses the prctl syscall. For instance, it can be used to detect a task being renamed. It is not always a sign of badness, but when the exe is located in /dev/shm and the new name mimics a legit app, it is! #threathunting #dfir
This past week I worked on two new events for Kunai: clone (i.e. fork) events and BPF socket filter events (when a filter program is attached to a socket, #bpfdoor). Both will be part of the next release and will be documented at https://why.kunai.rocks. Maybe I'll include other new events! If you have ideas about events you'd like to monitor on #linux, now is the time to tell me. Maybe they'll get a chance to be included before the next release!
#dfir #threathunting
Bring your Linux Threat-Hunting capabilities to the next level | Kunai

While running Kunai against a #bpfdoor #malware sample, I noticed it did not catch the BPF filter attached to the socket... This is a great opportunity for a new feature development! Here is what the event will look like. Stay tuned: https://github.com/0xrawsec/kunai
#threathunting #dfir
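The two hunting ideas in the posts above (a prctl rename to a legit-looking name from an exe under /dev/shm, and a BPF socket filter attached by a process running from such a location) as detection logic run over sample events. This is an added example, not Kunai's code and not from the posts; the JSON field names (event, pid, exe, option, arg, socket_type) and the list of daemon names are assumptions made for the illustration, not Kunai's real schema, and the sample events are constructed. It generalises /dev/shm to the other world-writable directories a dropper typically runs from.

```python
"""Added example (not Kunai's code, not from the posts above): two hunting
rules run over constructed, Kunai-style JSON events.

The field names (event, pid, exe, option, arg, socket_type) are assumptions
for this illustration, not Kunai's real event schema.
"""
import json

# Directories a legitimate daemon should almost never execute from.
# /dev/shm is the one from the post; /tmp and /var/tmp generalise it.
SUSPICIOUS_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")

# Assumed list of daemon names a dropper borrows to blend into `ps` output.
LEGIT_NAMES = {"sshd", "systemd", "cron", "dbus-daemon", "rsyslogd", "udevd"}

# Linux keeps the task name in a TASK_COMM_LEN (16) byte buffer, so a
# rename is silently cut to 15 characters; compare on the truncated form.
TASK_COMM_MAX = 15


def in_suspicious_dir(exe: str) -> bool:
    return exe.startswith(SUSPICIOUS_DIRS)


def mimics_legit_name(new_name: str) -> bool:
    """True when the new comm looks like a daemon or a kernel thread."""
    name = new_name.strip("[]")[:TASK_COMM_MAX]
    if name.startswith(("kworker/", "ksoftirqd/", "migration/")):
        return True
    return name in {n[:TASK_COMM_MAX] for n in LEGIT_NAMES}


def evaluate(event: dict):
    """Return an alert dict for a matching event, else None."""
    kind = event.get("event")
    exe = event.get("exe", "")
    pid = event.get("pid")
    if kind == "prctl" and event.get("option") == "PR_SET_NAME":
        new_name = str(event.get("arg", ""))
        # Renaming alone is common (thread pools do it); only the combination
        # of an odd location and a borrowed name is worth an alert.
        if in_suspicious_dir(exe) and mimics_legit_name(new_name):
            return {"rule": "prctl_rename_masquerade", "pid": pid,
                    "exe": exe, "new_name": new_name}
    elif kind == "bpf_socket_filter":
        # Legit tools (DHCP clients, tcpdump) attach socket filters too, so
        # again key on where the binary lives rather than on the event itself.
        if in_suspicious_dir(exe):
            return {"rule": "socket_filter_from_tmp", "pid": pid,
                    "exe": exe, "socket_type": event.get("socket_type")}
    return None


def hunt(jsonl: str) -> list:
    """Run evaluate() over one JSON event per line, skipping corrupt lines."""
    alerts = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # a torn line must not abort the whole hunt
        alert = evaluate(event)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample events (not real captures).
SAMPLE_EVENTS = """
{"event": "prctl", "pid": 4242, "exe": "/dev/shm/.x", "option": "PR_SET_NAME", "arg": "sshd"}
{"event": "prctl", "pid": 1337, "exe": "/usr/lib/firefox/firefox", "option": "PR_SET_NAME", "arg": "Web Content"}
{"event": "prctl", "pid": 2001, "exe": "/dev/shm/build", "option": "PR_SET_NAME", "arg": "myworker"}
{"event": "prctl", "pid": 2002, "exe": "/dev/shm/.x", "option": "PR_SET_DUMPABLE", "arg": "0"}
{"event": "bpf_socket_filter", "pid": 3003, "exe": "/usr/sbin/dhclient", "socket_type": "packet"}
this line is torn and must be skipped
{"event": "bpf_socket_filter", "pid": 3004, "exe": "/dev/shm/.xd", "socket_type": "raw"}
"""

if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

Only the first and the last sample events produce an alert: the Firefox rename comes from a normal install path, the /dev/shm rename to "myworker" borrows no legit name, the PR_SET_DUMPABLE call is not a rename, and the dhclient socket filter is the everyday case the post warns against flagging on its own.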
Shared object loaded events are almost ready! #linux #threathunting
I think I got bored waiting for #SysmonForLinux, so I decided to start my own BPF-based #linux monitoring project. Roadmap:
- shared object loading
- driver loading
- dns queries
- network connections
Tell me if you want other stuff for a first #opensource release!
#threathunting