Kunai Project


Attending the #kunai workshop at @BSidesLuxembourg held by @qjerome from circle.lu.
kunai is a #Linux security monitoring tool that logs very fine-grained events from the kernel using #eBPF.
Interesting alternative to #auditd, #falco, #tetragon, #tracee, #auditbeats, or #SysmonForLinux.
I'd love to see a write-up with a comparison of all of them.

https://kunai.rocks/

Bring your Linux Threat-Hunting capabilities to the next level | Kunai

It also has a tool to build a graph from execution logs that shows the relations and hierarchy between processes.

kunai-graph

https://github.com/kunai-project/pykunai/blob/main/src/pykunai/graph.py

pykunai/src/pykunai/graph.py at main · kunai-project/pykunai

Repository of helper tools for Kunai.

⚙️ Technical Spotlight: New Session at BSides Luxembourg 2026

KUNAI: OPEN-SOURCE THREAT DETECTION ON LINUX – Quentin JEROME

Step into a practical 40-minute talk exploring how modern threat detection is evolving on Linux systems. This session introduces Kunai, an open-source tool built with eBPF to bring deep visibility, real-time monitoring, and Sysmon-like capabilities to Linux environments—where traditional security tooling often falls short.

From architecture to real-world use cases, discover how Kunai enables incident responders and defenders to detect threats, investigate events, and enhance forensic analysis across cloud and containerized systems. A must-attend for anyone working with Linux infrastructure and looking to strengthen detection and response capabilities.

Quentin Jerome is a Rust developer at CIRCL, focused on building open-source security tools driven by real-world incident response and threat detection needs. His work centers on improving visibility and empowering the security community.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #ThreatDetection #LinuxSecurity #DFIR #CyberSecurity #OpenSource

Call for papers is now open for hack.lu 2026 (the 20th edition!)

The purpose of the hack.lu convention is to provide an open and free playground where people can discuss the implications of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet and share all kinds of information freely. The convention will be held in the Grand-Duchy of Luxembourg in October (20-23.10.2026). The most significant new discoveries about computer network attacks and defenses, open-source security solutions, and pragmatic real-world security experiences will be presented in a four-day series of informative tutorials.

We are waiting for your great proposals!

https://2026.hack.lu/blog/hack.lu-2026-call-for-papers/

#cfp #luxembourg #conference #cybersecurity #callforpapers #hacklu

Time to submit a talk, training or workshop to hack.lu

hack.lu 2026

After months of quiet, Kunai is back with an update in the works!

Here’s what’s new:

- Sharper DNS traffic analysis for better threat detection

- File identification powered by magic-rs to unlock deeper detection scenarios

- Smarter event filtering and exclusion rules to cut false positives and boost performance

This release will be about making Kunai more precise, faster, and easier to use—whether you’re monitoring workstations, servers, or IoT devices.

If you have a specific request, this is the perfect time to open an issue and get a chance to see it land in the next release 😉

Curious? Follow the progress here: https://github.com/kunai-project

#Linux #ThreatHunting #Rust #eBPF #OpenSource

@kunai_project we are ninjas 🥷 :p
That was pretty fast ... Big thanks to @hyd3 @Maijin for being so fast clicking on the star button 🙏

🚨 ONE STAR TO RULE THEM ALL 🚨

We’re 999 stars deep and this close to hitting 1000—will YOU be the chosen one?

💫 Perks of being #1000:
✔️ The undying gratitude of the Kunai dev team (we’ll owe you a coffee in the metaverse)
✔️ The satisfaction of making a repo’s day

👉 Do the thing: https://github.com/kunai-project/kunai

Hi @hack_lu folks !

For anyone attending the kunai workshop this afternoon, please complete the requirements: https://github.com/kunai-project/workshops/tree/main/circl-vss-2025

See you there,

#hack_lu #hack_lu2025

I learned an incredible amount from this chat I had with @adulau and @cedric about @gcve

I'm still working through all the details, but I'm starting to suspect #GCVE solved many of the problems with vulnerability data I've been complaining about for a very long time

If you do anything with vulnerabilities this one is worth a listen

https://opensourcesecurity.io/2025/2025-08-gcve-cedric-alex/

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

In this episode I discuss GCVE and Vulnerability-Lookup with Alex and Cedric from CIRCL. GCVE offers a decentralized approach, allowing organizations to assign their own IDs and publish vulnerabilities independently. Vulnerability-Lookup is the tool that makes GCVE a reality. The flexibility addresses many of the limitations we see today with a single centralized ID system. The work happening by CIRCL on GCVE is very impressive, with all the current CVE turmoil, this is a project we should all be paying attention to.

Open Source Security