Hacker News

skinfaxi, today at 2:03 PM (3 replies)

Would love to learn more about their internal behavioural detection program.

> One of the first things our security team did was confirm that our existing endpoint detection would catch this exploit. Our servers run behavioral detection that continuously monitors process execution patterns. It doesn't rely on knowing about specific vulnerabilities; it watches for anomalous behavior across the fleet.


Replies

CGamesPlay, today at 2:07 PM

Would certainly be interesting to learn more about. A simple check: allowlist of known "processes that run as root". Any new process shows up, something happened.

staticassertion, today at 2:57 PM

Syscalls and kernel module loading can both be logged; I assume that's sufficient here.

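The two checks suggested above (an allowlist of processes expected to run as root, and logging of module-load syscalls) can be sketched in a few dozen lines. The script below is an added illustration, not code from the thread or from the company being discussed. It assumes a process snapshot in (uid, executable path) form, such as one built from `/proc/<pid>/status` and `/proc/<pid>/exe`, and auditd-style log lines; the baseline allowlists, the process listing and the audit records are all constructed sample data. The syscall numbers 175 and 313 are `init_module` and `finit_module` on x86_64.

```python
import re
from collections import defaultdict

# Constructed baseline: executables that are expected to run as uid 0 on this fleet.
BASELINE_ROOT_PROCESSES = {
    "/usr/sbin/sshd", "/usr/sbin/cron", "/usr/bin/containerd", "/usr/sbin/rsyslogd",
}

# Constructed snapshot of (uid, exe) pairs, as a collector would read them from /proc.
SAMPLE_PROCESS_SNAPSHOT = [
    (0, "/usr/sbin/sshd"),
    (0, "/usr/sbin/cron"),
    (1000, "/usr/bin/python3"),
    (0, "/tmp/.x/agent"),        # constructed: a root process not on the allowlist
    (0, "/usr/bin/containerd"),
]


def unexpected_root_processes(snapshot, allowlist):
    """Return executables running as uid 0 that are not on the allowlist (check 1)."""
    return sorted({exe for uid, exe in snapshot if uid == 0 and exe not in allowlist})


# Constructed auditd-style records. A module load produces a KERN_MODULE record and a
# SYSCALL record that share the same serial number, so the two can be joined on it.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.123:501): arch=c000003e syscall=59 success=yes exit=0 uid=0 comm="bash" exe="/usr/bin/bash"
type=KERN_MODULE msg=audit(1700000000.456:502): name="evil_mod"
type=SYSCALL msg=audit(1700000000.456:502): arch=c000003e syscall=313 success=yes exit=0 uid=0 comm="insmod" exe="/usr/bin/kmod"
type=SYSCALL msg=audit(1700000001.000:503): arch=c000003e syscall=59 success=yes exit=0 uid=1000 comm="ls" exe="/usr/bin/ls"
type=KERN_MODULE msg=audit(1700000002.000:504): name="overlay"
type=SYSCALL msg=audit(1700000002.000:504): arch=c000003e syscall=313 success=yes exit=0 uid=0 comm="modprobe" exe="/usr/bin/kmod"
"""

# Constructed allowlist of modules the fleet legitimately loads at runtime.
BASELINE_MODULES = {"overlay", "br_netfilter"}

AUDIT_HEADER = re.compile(
    r"^type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<rest>.*)$"
)
KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MODULE_LOAD_SYSCALLS = {175, 313}  # x86_64 init_module, finit_module


def parse_audit_line(line):
    """Parse one auditd record into a dict; return None for lines that do not match."""
    m = AUDIT_HEADER.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KEY_VALUE.findall(m.group("rest"))}
    return {"type": m.group("type"), "ts": float(m.group("ts")),
            "serial": int(m.group("serial")), **fields}


def module_load_findings(log_text, module_allowlist):
    """Join records by serial and report module loads not on the allowlist (check 2)."""
    by_serial = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec:
            by_serial[rec["serial"]].append(rec)

    findings = []
    for serial, recs in sorted(by_serial.items()):
        module = next((r.get("name") for r in recs if r["type"] == "KERN_MODULE"), None)
        load = next((r for r in recs if r["type"] == "SYSCALL"
                     and int(r.get("syscall", -1)) in MODULE_LOAD_SYSCALLS), None)
        if module is None and load is None:
            continue  # not a module-load event
        if module in module_allowlist:
            continue  # expected module, no finding
        findings.append({
            "serial": serial,
            "module": module,
            "uid": load.get("uid") if load else None,
            "exe": load.get("exe") if load else None,
        })
    return findings


if __name__ == "__main__":
    for exe in unexpected_root_processes(SAMPLE_PROCESS_SNAPSHOT, BASELINE_ROOT_PROCESSES):
        print(f"unexpected root process: {exe}")
    for f in module_load_findings(SAMPLE_AUDIT_LOG, BASELINE_MODULES):
        print(f"module load outside allowlist: {f}")
```

On the constructed data the first check reports `/tmp/.x/agent` and the second reports the `evil_mod` load (serial 502, uid 0 via `/usr/bin/kmod`) while ignoring the allowlisted `overlay` load. In practice the baselines would be generated from a known-good fleet snapshot and the `/proc` and audit readers swapped in for the sample constants.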
mobeigi, today at 2:42 PM

I'd very much like to learn more about this too; it deserves its own blog post.