HardenedVault wrote “On May 16, 2022, the CTO of cloud native security company Isovalent announced that it had open sourced Tetragon, the eBPF-based security monitoring and blocking solution it had developed internally for many years. However, by design, Tetragon only supports detection and blocking in the post-exploitation stage. This rule-based detection and blocking was questioned by security researcher Felix Wilhelm, and discussions in the following days drew the attention of more security researchers. PaX/GRsecurity team member Pawel Wieczorkiewicz researched for two hours on May 20th and publicly exploited Tetragon’s defense mechanism based on CVE-2021-22555, and then PaX/GRsecurity disclosed the details and discussed why the defense mechanism cannot rely solely on the detection and blocking mechanism in the post-exploitation phase. Fortunately, the VED (Vault Exploit Defense) solution is immune to current attack methods.”
This article is reprinted from: https://www.solidot.org/story?sid=71635