Test code block
Feb. 2, 2024, midnight | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
The following Falco rule will detect the affected container runtimes trying to change the directory to a proc file descriptor, which isn’t normal activity. This rule should be considered experimental and can be used in OSS Falco and Sysdig Secure as a custom rule.
- rule: Suspicious Chdir Event Detected
  desc: Detects a process changing a directory using a proc-based file descriptor.
  condition: >
    evt.type=chdir and evt.dir=< and evt.rawres=0 and evt.arg.path startswith "/proc/self/fd/"
  output: >
    Suspicious Chdir event detected, executed …
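To see which events the condition above fires on, the following added example (not part of the original post or of Falco) replays constructed events against its four clauses and reports which clause rejected each non-matching event. The flat event dictionaries keyed by Falco field name, the labels and the helper names are assumptions made for illustration.

```python
# Added example: the rule's condition, clause by clause, over constructed events.
PROC_FD_PREFIX = "/proc/self/fd/"

# One entry per clause of the condition shown on the page, kept separate
# so that a non-match can be explained during rule tuning.
CLAUSES = [
    ("evt.type=chdir", lambda e: e.get("evt.type") == "chdir"),
    ("evt.dir=<", lambda e: e.get("evt.dir") == "<"),
    ("evt.rawres=0", lambda e: e.get("evt.rawres") == 0),
    ('evt.arg.path startswith "/proc/self/fd/"',
     lambda e: str(e.get("evt.arg.path", "")).startswith(PROC_FD_PREFIX)),
]

def failed_clauses(event):
    """Return the names of the clauses this event does not satisfy."""
    return [name for name, check in CLAUSES if not check(event)]

def matches(event):
    """True when every clause holds, i.e. the rule would fire."""
    return not failed_clauses(event)

# Constructed sample events (hypothetical format: flat dict keyed by field name).
SAMPLE_EVENTS = [
    {"label": "successful chdir to proc fd", "evt.type": "chdir",
     "evt.dir": "<", "evt.rawres": 0, "evt.arg.path": "/proc/self/fd/7"},
    {"label": "failed chdir to proc fd", "evt.type": "chdir",
     "evt.dir": "<", "evt.rawres": -2, "evt.arg.path": "/proc/self/fd/9"},
    {"label": "ordinary chdir", "evt.type": "chdir",
     "evt.dir": "<", "evt.rawres": 0, "evt.arg.path": "/var/lib/app"},
    {"label": "enter event without result", "evt.type": "chdir",
     "evt.dir": ">"},
    {"label": "different syscall", "evt.type": "openat",
     "evt.dir": "<", "evt.rawres": 0, "evt.arg.path": "/proc/self/fd/7"},
]

def replay(events):
    """Evaluate each event; return (label, fired, rejected_clauses) tuples."""
    return [(e["label"], matches(e), failed_clauses(e)) for e in events]

if __name__ == "__main__":
    for label, fired, rejected in replay(SAMPLE_EVENTS):
        status = "ALERT" if fired else "no match: " + "; ".join(rejected)
        print(f"{label:32} {status}")
```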