There's some cool sounding training on its way from @circl
CIRCL - Virtual Summer School (VSS) 2025
https://www.circl.lu/pub/vss-2025/
#MISP #AIL #LookyLoo #Lacus #Pandora #Kunai #DFIR #ThreatHunting #FlowIntel #Cerebrate #VulnerabilityLookup #GCVE
We are happy to announce the integration of @kunai_project Linux Sandbox on MalwareBazaar.
Sample ELF x86 report:
https://bazaar.abuse.ch/sample/0d2211b7e92fcc6a9f7c94d4adf8e47f6f97e31dacd3b2ffb6cce3c485fcef26/
The @circl is running several online trainings on forensics and threat intelligence tools in July, they look really interesting:
Virtual Summer School (VSS) 2025
https://www.circl.lu/pub/vss-2025/
If you're already a GNA, we've created a set of logos you can use to show that you're a GCVE Numbering Authority (GNA).
If you want to become a GNA: https://gcve.eu/about/#eligibility-and-process-to-obtain-a-gna-id
New release: FlowIntel 1.6.0, an open-source case management tool, now with extended support for importing MISP events as cases, a timeline view for attributes, a new templating system for notes, and many other new features!
https://github.com/flowintel/flowintel/releases/tag/1.6.0
https://github.com/flowintel/flowintel
#opensource #threatintel #dfir #cti #misp #flowintel
Thanks to @davcru for the continuous work on the project and all the new contributors.
Just dropped a new Kunai release!
We've been working hard on some exciting new features and performance boosts that we can't wait for you to try out! Here's what's new:
New Features:
- Track io_uring operations with new io_uring_sqe events!
- Get more context with parent command line information for execve and execve_script events.
- Get information about matching filtering rules in final events.
- Test your filters with ease using the new test command.
Improvements:
- Experience performance boosts thanks to changes in the event matching engine and code refactoring.
Ready to dive in? Check out the full release notes here: https://github.com/kunai-project/kunai/releases/tag/v0.6.0
Don't hesitate to give Kunai a try and share your feedback! Let's make Kunai even better together!
#Linux #ThreatHunting #ThreatDetection #DFIR #DetectionEngineering #OpenSource
Kunai Sandbox is now live!
Curious about Kunai? Want to analyze Linux malware logs? Or share malware analysis to build detection rules? Kunai Sandbox has you covered!
Check out what Kunai can do:
- Explore Kunai's log structure without running it locally
- Analyze logs generated by Linux malware
- Share malware analysis with others to build detection rules
See an example analysis of the perfctl #linux #malware: https://sandbox.kunai.rocks/analysis/59edbf8c-41b7-4144-97e0-9b0571446c02
New Blog Post: Kunai vs io_uring (https://why.kunai.rocks/blog/kunai-vs-io_uring)
Ever wondered how io_uring revolutionizes I/O operations in the Linux kernel? Inspired by Armo's blog post (https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/) about a PoC rootkit using io_uring, we explored this feature's security implications and how tools like Kunai can monitor these operations.
Key Takeaways:
- io_uring boosts I/O performance by reducing system call overhead and enabling asynchronous operations
- Security tools struggle to monitor io_uring due to its unique handling of operations
- Kunai now provides visibility into io_uring operations, though blocking malicious activities remains challenging
- Recent kernel versions have introduced auditing and security controls for io_uring, but these are still limited
Read more: https://why.kunai.rocks/blog/kunai-vs-io_uring
#Linux #io_uring #Security #OpenSource #ThreatDetection #SOC #DFIR
The hack.lu 2025 Call for Papers closes in just 1 day! If you've been planning to submit a talk, workshop, or lightning talk, now's the time to do it.
#conference #luxembourg #infosec #hacklu2025 #hacklu #cybersecurity
https://hack.lu/blog/hack.lu-2025-call-for-papers-one-day-left/
@FLOSS_Weekly @JP_Bennett @adulau Really enjoyed sharing this moment to chat with you guys!
This week, @JP_Bennett chatted Linux security with @adulau and @qjerome! It's Kunai and CIRCL talking threat detection, why your security solution should be using eBPF and more! See the whole thing at https://hackaday.com/2025/05/07/floss-weekly-episode-832-give-yourself-a-medal/
Calling all Kunai Ninjas!
We're happy to announce the launch of the Kunai Community Hub, a collaborative space where you can share your architecture overviews, deployment tips, and any other useful information about Kunai.
Why Join the Kunai Community Hub?
- Share Your Expertise: Contribute your knowledge and experiences to help others in the community.
- Learn from Others: Discover best practices, architectural insights, and deployment strategies from fellow Kunai users.
- Connect and Collaborate: Engage with the community of Kunai users.
Join the Conversation:
We can't wait to see what you share! Whether it's a detailed architecture overview, deployment tips, or insights on scaling, your contributions will help build a stronger and more knowledgeable Kunai community.
Get Started:
Visit the Kunai Community Hub on GitHub: https://github.com/kunai-project/community-hub
#OpenSource #Linux #Malware #ThreatHunting #DFIR #SOC #DetectionEngineering
Thank you for being part of the Kunai journey!
@kunai_project, the better-than-sysmon Linux eBPF logging tool, now has a sandbox for running samples! https://github.com/kunai-project/sandbox
And there's even a handy web UI!
@lcamtuf 🤣 🤣 🤣