2026-05-08, IFEN room 1, Workshops and Detection Engineering village (Building D)
This talk explores Kunai, an open-source security monitoring tool that brings threat-detection capabilities to Linux systems using eBPF technology. We begin with an overview of Kunai's purpose, architecture, and core monitoring capabilities. The session then dives into recent advancements, highlighting key features and improvements. Finally, we examine practical use cases in threat detection, incident response, and digital forensic analysis, demonstrating how Kunai enhances cyber incident investigations.
This talk presents Kunai, an open-source security monitoring tool developed in Luxembourg that brings Sysmon-like capabilities to Linux systems. Built specifically to address the often-overlooked security monitoring needs of Linux environments, Kunai leverages eBPF technology to provide comprehensive threat detection and incident response capabilities.
We'll explore how Kunai was designed from the ground up with incident response and threat detection requirements in mind, filling a critical gap in Linux security tooling. Given that Linux powers the majority of web-facing systems and cloud infrastructure, it has become a prime target for attackers - yet often lacks the sophisticated monitoring tools available for other platforms.
The session will cover Kunai's architecture, recent advancements, and practical applications including:
- Real-time threat detection across Linux environments
- Comprehensive event logging for incident investigations
- Container-aware monitoring capabilities
- Integration with existing security workflows
Attendees will learn how Kunai enhances visibility into Linux systems, enabling better threat detection, faster incident response, and more effective digital forensic analysis - all while maintaining the performance and reliability required for production environments.
Quentin is a Rust developer at CIRCL. Inspired by his background in incident response and threat detection, he develops open-source security tools to solve practical problems. His main interests include threat detection, bug hunting, and building tools that help the security community.