BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//conference.wireshark.org//sharkfest-24-eu//speaker//LQU7
 ZL
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-sharkfest-24-eu-FW933D@conference.wireshark.org
DTSTART;TZID=CET:20241106T110000
DTEND;TZID=CET:20241106T120000
DESCRIPTION:Falco\, a CNCF project\, is the de facto solution for run
 time threat detection in Linux and Kubernetes environments. It offers co
 mplete kernel-level visibility by capturing syscalls via eBPF\, analyz
 ing this flow with a powerful rules engine and alerting when a rule i
 s triggered.\nOver time\, the Falco ecosystem has grown to include th
 e ability to retrieve events from different sources\, such as SaaS or c
 loud provider audit logs\, and to integrate with dozens of tools for not
 ification\, analysis and reaction. The newest addition to its ecosyste
 m is Falco Talon\, a tailor-made no-code response engine\, which reacts t
 o Falco events with out-of-the-box actions\, such as terminating a pod o
 r triggering a tcpdump.\nIn this talk\, listeners will learn the basics o
 f Falco and will be treated to a real-time demonstration of remediatio
 n actions against intrusions\, with a big focus on the ability to trigge
 r a tcpdump to observe what the attacker did after the alert was raised.
DTSTAMP:20260413T052813Z
LOCATION:Palais Sachsen Coburg I-III
SUMMARY:Automatically trigger captures via tcpdump when a suspicious event 
 occurs in your Kubernetes cluster - Thomas Labarussias
URL:https://conference.wireshark.org/sharkfest-24-eu/talk/FW933D/
END:VEVENT
BEGIN:VEVENT
UID:pretalx-sharkfest-24-eu-PJCUHK@conference.wireshark.org
DTSTART;TZID=CET:20241106T171500
DTEND;TZID=CET:20241106T181500
DESCRIPTION:As infrastructure managers\, we often have to deal with malwar
 e. Although we do our best to avoid or block it\, some samples slip thro
 ugh the net anyway. Let's imagine that you or a member of your team go
 t their hands on one of these malicious binaries. How can you find out w
 hat its purpose was? You can try to decompile the binary or explore it i
 n hexadecimal mode\, two tried and tested but time-consuming methods. Le
 t's try a new approach and analyze the malware's behavior by running i
 t in an isolated environment and collecting all its syscalls using eBPF
 . The final step will be to explore the captures with Logray\, a projec
 t forked from Wireshark\, made especially to analyze syscall packet capt
 ures.
DTSTAMP:20260413T052813Z
LOCATION:Ballroom A+B+C
SUMMARY:Let’s dissect malwares by collecting their syscalls with eBPF - T
 homas Labarussias
URL:https://conference.wireshark.org/sharkfest-24-eu/talk/PJCUHK/
END:VEVENT
END:VCALENDAR
