fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft’s New Project Ports Linux eBPF To Windows 10, Server

Microsoft’s New Project Ports Linux eBPF To Windows 10, Server

Microsoft has launched a new open-source project that aims to add to Windows the benefits of eBPF, a technology first implemented in Linux that allows attaching programs in both kernel and user applications.

The advantages associated with eBPF (Extended Berkeley Packet Filter) range from network performance and security to event analysis and observability.

eBPF technology allows a user-supplied program to run isolated (sandboxed) inside the kernel of an operating system at a specific event, a hook point like a system call, a function entry/exit, kernel tracepoints, or network events.

eBPF - system call hook
System call hook for eBPF programs

Being attached to a pre-defined hook and working at such low level gives an eBPF program the possibility to inspect in real time data that has not been altered by malicious activity.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

For these reasons, eBPF programs are particularly useful for filtering, monitoring, and analysis tasks that have applications in the networking and security fields.

Example eBPF program
Example eBPF program

They are also suitable for debugging purposes on live systems as eBPF programs can access kernel data structure and there is no need to recompile the kernel for them to run.

eBPF development gets Windows chapter

Microsoft’s effort builds on the work of the eBPF community by adding a compatibility layer that turns existing eBPF open-source projects into submodules that can work on top of Windows 10 and Windows Server 2016 and later.

“The ebpf-for-windows project aims to allow developers to use familiar eBPF toolchains and application programming interfaces (APIs) on top of existing versions of Windows” – Microsoft

An architectural view of the project shows that an eBPF program can use toolchains to generate eBPF bytecode in a variety of languages so any application can use it and even be fed into the Windows Netsh command-line tool, with the help of a shared library.

eBPF architecture on Windows
eBPF architectural overview on Windows

As seen in the image above, Microsoft uses the PREVAIL eBPF verifier hosted in a user-mode protected process, and IO Visor’s uBPF running in kernel-mode execution context, to check the legitimacy of the resulting bytecode and to execute an eBPF program on top of Windows.

Microsoft explains that “eBPF programs installed into the kernel-mode execution context can attach to various hooks to handle events and call various helper APIs exposed by the eBPF shim, which internally wraps public Windows kernel APIs, allowing the use of eBPF on existing versions of Windows.”

Currently, there are only two hooks available – XDP and socket bind – both related to networking. However, Microsoft expects more to be added in the future, to cover other areas as well.

Also Read: Data Protection Officer Singapore | 10 FAQs

With this project, Microsoft wants to “port” to its operating system the hooks and helpers written for Linux that have an application to Windows.

“Similarly, the eBPF for Windows project exposes Libbpf APIs to provide source code compatibility for applications that interact with eBPF programs” – Microsoft

The ebpf-for-windows project is still at the beginning and the long-term purpose is to “bring the power of eBPF to Windows users” and to become part of the larger eBPF community that would also guide its development.

A tutorial on how to author an eBPF program and make it run on Windows is available here.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us