Tetragon
Hello, my name is Orca: Unprivileged Keylogging on Wayland via D-Bus Accessibility
2026-05-15 · Keith Linneman
KDE KWin and GNOME Mutter trust a claimable Orca D-Bus name for raw Wayland accessibility keyboard events, including password input.
Porting Dirty Frag to arm64: Detection, Prevention and Hardening Notes
2026-05-11 · Keith Linneman
Porting the CVE-2026-43284 exploit to aarch64. The rxrpc path kernel oopses on arm64. Ubuntu 24.04's AppArmor blocked exploitation over SSH; transitioning into an existing complain-mode profile leads to success. Analysis of chmod o-r as a mitigation for SUID targets, FIM limitations, and page-cache persistence.
Purple Team Engineering: Detection Below the Socket Layer with eBPF and Tetragon
2026-04-24 · Keith Linneman
Creating Tetragon policies to catch malware - AF_INET raw sockets, AF_PACKET with manual Ethernet construction, and the combination-detection patterns that emerge. Working Tetragon policy additions, a custom event parser, and purple-team test binaries to verify detection coverage.