I just finished an excellent Udemy course titled Learn Rust by Building Real Applications by Lyubomir Gavadinov.
I really appreciate this way of introducing programming concepts and paradigms - while building an actual application, explaining the rationale behind the language's concepts and improving the code in an iterative fashion.
This post presents a problematic pattern that I encountered in the infrastructure of one of my clients. I am calling this pattern "log storm", simply because I haven't encountered a more appropriate name. In practice this architectural anti-pattern leads to the creation of an unnecessary number of log entries in a security system, which in turn incurs unnecessary usage costs. It can probably be encountered in various platforms and setups, but in this post I am focusing on an AWS-based setup.
In this tutorial we will explore a case in which crossing the border between the userspace and kernelspace code is necessary. For this purpose we will use a sample of ZeroAccess rootkit, analysed and described in this excellent article. You can download this sample from here.