The Linux kernel is the heart of many modern production systems. It decides when any code is allowed to run and which programs/users can access which resources. It manages memory, mediates access to hardware, and does a bulk of work under the hood on behalf of programs running on top.

PostgreSQL is one of the leading and widely used open source relational database management systems (RDBMS) that stores structured data in tables, just like MySQL. It is used by developers in their tech stacks and even by large enterprises and corporations to store website and application data. PostgreSQL uses SQL query language to store and manipulate data and also provides JSON support.

Short for High Availability Proxy, HAProxy is an open source and high-performance HTTP load balancer and proxying solution. It enhances website and application performance by distributing workloads across multiple backend web servers. This results in reduced response times, increased throughput, and high availability. Although HAProxy is free and open source, there is also a commercial option called HAProxy Enterprise.

This is the first article in a series focusing on syscall evasion as a means to work around detection by security tools and what we can do to combat such efforts. We’ll be starting out the series discussing how this applies to Linux operating systems, but this is a technique that applies to Windows as well, and we’ll touch on some of this later on in the series. In this particular installment, we’ll be discussing syscall evasion with bash shell builtins.

The cybersecurity landscape is undergoing a significant shift, moving from security tools monitoring applications running within userspace to advanced, real-time approaches that monitor system activity directly and safely within the kernel by using eBPF. This evolution in kernel introspection is particularly evident in the adoption of projects like Falco, Tetragon, and Tracee in Linux environments.