There's some cool sounding training on its way from @circl
CIRCL - Virtual Summer School (VSS) 2025
https://www.circl.lu/pub/vss-2025/
#MISP #AIL #LookyLoo #Lacus #Pandora #Kunai #DFIR #ThreatHunting #FlowIntel #Cerebrate #VulnerabilityLookup #GCVE
yes indeed but be careful my personal handle is @qjerome ;)
We are happy to announce the integration of @kunai_project Linux Sandbox on MalwareBazaar!
Sample ELF X86 report:
https://bazaar.abuse.ch/sample/0d2211b7e92fcc6a9f7c94d4adf8e47f6f97e31dacd3b2ffb6cce3c485fcef26/
The @circl is running several online trainings on forensics and threat intelligence tools in July; they look really interesting:
Virtual Summer School (VSS) 2025
https://www.circl.lu/pub/vss-2025/
New release: FlowIntel 1.6.0 - an open-source case management tool - now with extended support for importing MISP events as cases, a timeline view for attributes, a new templating system for notes, and many other new features!
https://github.com/flowintel/flowintel/releases/tag/1.6.0
https://github.com/flowintel/flowintel
#opensource #threatintel #dfir #cti #misp #flowintel
Thanks to @davcru for the continuous work on the project and all the new contributors.
Just dropped a new Kunai release!
We've been working hard on some exciting new features and performance boosts that we can't wait for you to try out! Here's what's new:
New Features:
- Track io_uring operations with new io_uring_sqe events!
- Get more context with parent command line information for execve and execve_script events.
- Get information about matching filtering rules in final events.
- Test your filters with ease using the new test command.
Improvements:
- Experience performance boosts thanks to changes in the event matching engine and code refactoring.
Ready to dive in? Check out the full release notes here: https://github.com/kunai-project/kunai/releases/tag/v0.6.0
Don't hesitate to give Kunai a try and share your feedback! Let's make Kunai even better together!
#Linux #ThreatHunting #ThreatDetection #DFIR #DetectionEngineering #OpenSource
Kunai Sandbox is now live!
Curious about Kunai? Want to analyze Linux malware logs? Or share malware analysis to build detection rules? Kunai Sandbox has you covered!
Check out what Kunai can do:
- Explore Kunai's log structure without running it locally
- Analyze logs generated by Linux malware
- Share malware analysis with others to build detection rules
See an example analysis of the perfctl #linux #malware: https://sandbox.kunai.rocks/analysis/59edbf8c-41b7-4144-97e0-9b0571446c02
CIRCL - Virtual Summer School (VSS) 2025
From 7 July to 18 July 2025, CIRCL will host a two-week online training event featuring hands-on sessions on various tools developed and maintained by CIRCL, as well as training in digital forensics and incident response (DFIR) techniques.
#opensource #dfir #training #cybersecurity #threatintelligence
New Blog Post: Kunai vs io_uring (https://why.kunai.rocks/blog/kunai-vs-io_uring)
Ever wondered how io_uring revolutionizes I/O operations in the Linux kernel? Inspired by Armo's blog post (https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/) about a PoC rootkit using io_uring, we explored this feature's security implications and how tools like Kunai can monitor these operations.
Key Takeaways:
- io_uring boosts I/O performance by reducing system call overhead and enabling asynchronous operations
- Security tools struggle to monitor io_uring due to its unique handling of operations
- Kunai now provides visibility into io_uring operations, though blocking malicious activities remains challenging
- Recent kernel versions have introduced auditing and security controls for io_uring, but these are still limited
Read more: https://why.kunai.rocks/blog/kunai-vs-io_uring
#Linux #io_uring #Security #OpenSource #ThreatDetection #SOC #DFIR
The hack.lu 2025 Call for Papers closes in just 1 day! If you've been planning to submit a talk, workshop, or lightning talk, now's the time to do it.
#conference #luxembourg #infosec #hacklu2025 #hacklu #cybersecurity
https://hack.lu/blog/hack.lu-2025-call-for-papers-one-day-left/
This week, @JP_Bennett chatted Linux security with @adulau and @qjerome ! It's Kunai and CIRCL talking threat detection, why your security solution should be using eBPF and more! See the whole thing at https://hackaday.com/2025/05/07/floss-weekly-episode-832-give-yourself-a-medal/
Calling all Kunai Ninjas!
We're happy to announce the launch of the Kunai Community Hub, a collaborative space where you can share your architecture overviews, deployment tips, and any other useful information about Kunai.
Why Join the Kunai Community Hub?
- Share Your Expertise: Contribute your knowledge and experiences to help others in the community.
- Learn from Others: Discover best practices, architectural insights, and deployment strategies from fellow Kunai users.
- Connect and Collaborate: Engage with the community of Kunai users.
Join the Conversation:
We can't wait to see what you share! Whether it's a detailed architecture overview, deployment tips, or insights on scaling, your contributions will help build a stronger and more knowledgeable Kunai community.
Get Started:
Visit the Kunai Community Hub on GitHub: https://github.com/kunai-project/community-hub
#OpenSource #Linux #Malware #ThreatHunting #DFIR #SOC #DetectionEngineering
Thank you for being part of the Kunai journey!
@kunai_project, the better-than-sysmon Linux eBPF logging tool, now has a sandbox for running samples! https://github.com/kunai-project/sandbox
And there's even a handy web UI!
Introducing the Kunai Sandbox UI
I'm excited to share a Kunai-related project I've been working on over the past two months: Kunai Sandbox UI - https://github.com/kunai-project/sandbox-ui
This interface builds on top of Kunai Sandbox (https://github.com/kunai-project/sandbox) and is designed to streamline malware sample analysis by providing a dedicated UI for detection engineers. Instead of competing with existing sandboxing tools, the focus is on delivering actionable, structured data that's directly usable by teams working with Kunai.
This post isn't a full walkthrough, but I'd like to share some insights into the technical choices behind the project, and why I made them.
---
Frontend Decisions
Why Vue.js 3?
This is my first time building a UI in over a decade, so I had some catching up to do. I initially explored a full-Rust stack using Leptos (https://www.leptos.dev/), but quickly ran into some issues:
- Slow development cycles due to full frontend and backend compilation on every change, painful during UI design, where rapid iteration is key
- Reactive programming in Rust felt unintuitive and heavy
- The benefits of frontend/backend integration didn't outweigh the added complexity
- Integrating with Node.js modules is challenging and required extra work
After weighing my options and talking to friends, colleagues, and a few helpful AI agents, I switched to Vue.js 3, and haven't looked back.
---
Backend Decisions
Why Rust?
Do I even need to say it? Rust enables fast, safe, and maintainable development, a great fit for backend programming.
Web Framework
I tested both Axum (https://github.com/tokio-rs/axum) and Rocket (https://rocket.rs/). In the end, I chose Rocket because I preferred its derive macro-based model. Both are excellent β sometimes it just comes down to what feels right.
ORM Framework
As the project grew, a clean database integration became essential. I first tried SQLx (https://github.com/launchbadge/sqlx), which is powerful but not a true ORM, meaning lots of manual mapping between SQL rows and Rust structs.
I then explored Diesel (https://diesel.rs/) and SeaORM (https://www.sea-ql.org/SeaORM/). After going through both tutorials, I chose SeaORM for its full-Rust experience. Diesel still requires maintaining your DB schema in SQL, which SeaORM avoids.
Putting It All Together
The frontend is compiled with a Rust build script and embedded directly into the final binary using the rust-embed crate (https://git.sr.ht/~pyrossh/rust-embed). This allows for simple, single-binary deployments.
---
Thanks for reading! I tried to keep this post brief; if you have questions or feedback, feel free to reach out!
New Patch Release v0.5.5 is Live!
This patch fixes a crash and provides more comprehensive error messages. Don't forget to update if you want to benefit from these fixes.
If you want to join an open source #hackathon for open source security tools, it's next week (on April 8th and 9th, 2025) in Luxembourg.
New Kunai Patch Release!
This update brings important fixes:
- Fix probe tripping the eBPF verifier affecting Linux v5 (only on AArch64)
- Improved compatibility with kernels >= 6.11
Check it out: https://github.com/kunai-project/kunai/releases/tag/v0.5.4
Kunai pushes further integration with MISP!
This week, we've made significant progress in bridging Kunai with @misp to enhance threat intelligence sharing. Our focus has been on developing kunai-to-misp, a new tool available at https://github.com/kunai-project/pykunai, which processes Kunai logs and creates MISP events to streamline collaboration.
With this, it is now possible to both update MISP from Kunai and feed Kunai from MISP using the misp-to-kunai tool. Here's a practical workflow example:
1. Analyze a #linux malware sample with Kunai Sandbox (https://github.com/kunai-project/sandbox)
2. Use kunai-to-misp on the collected Kunai logs
3. (Optional) Review attributes' IDS flag to maximize detections and reduce false positives
4. Use misp-to-kunai to distribute the results across all Kunai endpoints
Additionally, we're leveraging MISP's data model to craft meaningful MISP objects and relationships, offering a clear visual representation of events inside MISP.
Try it out and let us know what you think!
#opensource #threatintel #threatdetection #cyberdefense #dfir #detectionengineering
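The kunai-to-misp step of this workflow in outline, as an added Python example (my own code, not the pykunai tool or anything from the Kunai project): it walks Kunai-style JSON log lines, turns executed-binary hashes and outbound destinations into MISP attributes in MISP's plain event JSON, and pre-sets the to_ids flag (step 3 above) so that loopback and private-network destinations never become IDS signatures. The log field layout (info.event.name, data.exe.sha256, data.dst.ip/port) and the sample lines are constructed assumptions for this example.

```python
import ipaddress
import json

# Constructed sample Kunai-style log lines. The field layout is an assumption
# made for this example, not a copy of Kunai's documented schema.
_SAMPLE_EVENTS = [
    {"info": {"event": {"name": "execve"}},
     "data": {"exe": {"path": "/tmp/perfctl", "sha256": "7f" * 32},
              "command_line": "/tmp/perfctl"}},
    {"info": {"event": {"name": "connect"}},
     "data": {"dst": {"ip": "127.0.0.1", "port": 8080}}},
    {"info": {"event": {"name": "connect"}},
     "data": {"dst": {"ip": "203.0.113.45", "port": 443}}},
    # Same binary executed again: must not produce a duplicate attribute.
    {"info": {"event": {"name": "execve"}},
     "data": {"exe": {"path": "/tmp/perfctl", "sha256": "7f" * 32}}},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _SAMPLE_EVENTS)

# Destinations that are noise for an IDS: loopback, RFC 1918, link-local.
# The RFC 5737 documentation range used in the sample (203.0.113.0/24) is
# deliberately not listed, so it stands in for a real external destination.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def is_internal(ip: str) -> bool:
    """True when the address falls in a network that should never be an IDS hit."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _INTERNAL_NETS)


def kunai_to_misp_event(log_text: str, info: str) -> dict:
    """Turn JSONL Kunai-style logs into one MISP event (MISP event JSON layout)."""
    attributes, seen = [], set()

    def add(atype, value, to_ids, comment=""):
        # Deduplicate on (type, value): MISP rejects duplicate attributes anyway.
        if (atype, value) in seen:
            return
        seen.add((atype, value))
        attributes.append({"type": atype, "value": value,
                           "to_ids": to_ids, "comment": comment})

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        name = ev.get("info", {}).get("event", {}).get("name")
        data = ev.get("data", {})
        if name in ("execve", "execve_script"):
            exe = data.get("exe", {})
            if exe.get("sha256"):
                # A hash of an executed sample is a safe IDS indicator.
                add("sha256", exe["sha256"], True,
                    f"executed: {exe.get('path', '?')}")
        elif name == "connect":
            dst = data.get("dst", {})
            ip = dst.get("ip")
            if not ip:
                continue
            flag = not is_internal(ip)   # step 3: no IDS flag on internal targets
            if "port" in dst:
                add("ip-dst|port", f"{ip}|{dst['port']}", flag)
            else:
                add("ip-dst", ip, flag)

    # distribution 0 = your organisation only, analysis 1 = ongoing,
    # threat_level_id 2 = medium: conservative defaults for a fresh sandbox run.
    return {"Event": {"info": info, "distribution": 0, "analysis": 1,
                      "threat_level_id": 2, "Attribute": attributes}}


def ids_enabled_values(event: dict) -> list:
    """Values that would be pushed to IDS/endpoints if the event were shared as-is."""
    return [a["value"] for a in event["Event"]["Attribute"] if a["to_ids"]]


if __name__ == "__main__":
    print(json.dumps(kunai_to_misp_event(SAMPLE_LOG, "Kunai sandbox run"), indent=2))
```

The resulting dictionary is the body one would POST to a MISP instance's event endpoint (or hand to PyMISP); the point of the is_internal() gate is that step 4 of the workflow pushes every to_ids attribute to all endpoints, so a loopback or RFC 1918 destination left flagged would fire everywhere.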
Kunai v0.5.0: Sharpened and Forged for Peak Performance!
We're happy to announce that Kunai v0.5.0 is now available, freshly forged with new features and enhancements designed to boost your system observability.
Get More Visibility Than Ever:
- Start Event: Understand your agent's startup process with detailed information via our new `start` event.
- Error Event: Critical errors, like file system throttling decisions, now bubble up into Kunai logs with our new `error` event. Stay informed about issues affecting your system's operation and take immediate action.
- Event Loss Event: Never lose track of important data with our `event_loss` event! Get notified if the userland component can't keep up with the kernel's event rate, enabling you to address potential data loss and system load issues.
Enhanced Control and Efficiency:
- File System Event Limiting: Take control of your resources and prevent event floods with our new file system event limiting. Configure the limit per CPU and manage both task-level and global resource usage.
- User/Group Name Resolution: Enhance your audit logging and security event analysis with user and group names directly in your events, providing context and value to your security monitoring.
Ready to supercharge your system monitoring with Kunai? Check out our documentation to get started today!
https://why.kunai.rocks/docs/next/quickstart
View the full release details here: https://github.com/kunai-project/kunai/releases/tag/v0.5.0
Try it out, report any bugs or issues, and let's improve this together! Your feedback is invaluable.
#linux #ebpf #opensource #observability #monitoring #security
@joost @adulau @circl @misp @suricata @vulnerability_lookup @ail_project english for general social interactions and/or any of (luxembourgish, german, french) depending on your interlocutor. For programming language it depends on the project you want to work on.