Linux kernel-mode rootkits: detecting hooked syscalls with Tracee
Tracee is a runtime security and forensics tool built on eBPF. It captures and analyzes events that occur on a Linux system, shows how the system and its applications are behaving, and detects suspicious behavior patterns. With Tracee you get detailed visibility into syscalls and other operations performed on the system, which is what this video uses to spot syscalls hooked by a kernel-mode rootkit.
Tracee Project https://github.com/aquasecurity/tracee
#tracee #linux #syscall #hook #kernel #rootkit #detect #forensics #ebpf