Trace Me if You Can: Bypassing Linux Syscall Tracing



In this talk, we will present novel vulnerabilities and exploitation techniques that reliably bypass Linux syscall tracing. By exploiting these vulnerabilities, a user-mode program can reliably avoid detections based on system call tracing without needing any special privileges or capabilities. The exploits work even when seccomp, SELinux, and AppArmor are enforced.

Presented by Rex Guo & Junyuan Zeng

Full Abstract and Presentation Materials: https://www.blackhat.com/us-22/briefings/schedule/#trace-me-if-you-can-bypassing-linux-syscall-tracing-26427