0x40k<p>Whoa, hold up! 🤯 There's a new Linux rootkit dubbed "Curing" out in the wild, and it's got a nasty trick: leveraging `io_uring` to slip right past traditional security tools. Why? Because most of those tools are laser-focused on system calls... which `io_uring` can bypass.</p><p>So, what's the deal with `io_uring`? Picture an application chatting directly with the kernel, essentially skipping the front desk where system calls usually check-in. "Curing" exploits this direct line for its command-and-control communication, leaving *none* of the usual suspicious system call footprints. Talk about stealth mode! And heads up – Google has actually been warning about the potential risks here for some time.</p><p>Speaking from a pentester's perspective, this is yet another stark reminder: just relying on "basic" security isn't going to cut it. We really need to dive deeper, get our hands dirty with kernel-level analysis and understanding. Let's be clear: running automated scans is *not* the same as a thorough penetration test!</p><p>What about you? Are you utilizing `io_uring` in your environment? What kind of security measures have you put in place around it? Seriously curious – how do you see kernel security evolving from here? Let's discuss! 👇</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://infosec.exchange/tags/Rootkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rootkit</span></a> <a href="https://infosec.exchange/tags/io_uring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>io_uring</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/KernelSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KernelSecurity</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a></p>