{"id":212388,"date":"2025-04-25T05:07:22","date_gmt":"2025-04-25T10:07:22","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/04\/linux-io_uring-poc-rootkit-bypasses-system-call-based-threat-detection-tools"},"modified":"2025-04-25T05:07:22","modified_gmt":"2025-04-25T10:07:22","slug":"linux-io_uring-poc-rootkit-bypasses-system-call-based-threat-detection-tools","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/04\/linux-io_uring-poc-rootkit-bypasses-system-call-based-threat-detection-tools","title":{"rendered":"Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools"},"content":{"rendered":"<p><\/p>\n<p><iframe style=\"display: block; margin: 0 auto; width: 100%; aspect-ratio: 4\/3; object-fit: contain;\" src=\"https:\/\/www.youtube.com\/embed\/oJ6VQO87MIY?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope;\n   picture-in-picture\" allowfullscreen><\/iframe><\/p>\n<p>ARMO shows io_uring-based rootkits evade Falco, Tetragon, and Defender, risking Linux runtime security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ARMO shows io_uring-based rootkits evade Falco, Tetragon, and Defender, risking Linux runtime security.<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1523,1492],"tags":[],"class_list":["post-212388","post","type-post","status-publish","format-standard","hentry","category-computing","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/212388","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=212388"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/212388\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=212388"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=212388"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=212388"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}