Linux Detective Toolkit - 360° debugging and black-box analysis without printf() or GDB

Talk
Bartosz Moczulski

Bartosz Moczulski - software engineer and consultant with 20 years of commercial experience in the digital TV industry, proud holder of an MSc degree in Computer Science from Wroclaw University of Technology. Big fan of the GNU/Linux ecosystem and open source in general. Likes to call himself a Linux detective and rarely leaves a bug investigation unsolved. Experienced in C, C++, Linux security, and embedded systems integration, seeking an opportunity to pick up some Rust soon. Never afraid to descend to the assembler level or spawn a disassembler when the situation demands it. Passionate about knowledge sharing, he has run numerous well-received internal trainings and workshops in the companies he used to work for. In his spare time he maintains his home lab and makes wine - both for the benefit of his friends and family. His current passion is medieval calligraphy which, being a left-hander, he has to write upside-down. He prefers a quill over a broad-edge nib and his favourite letters are ſ (long s) and þ (thorn).

Time: 17:00 - 18:00

Venue: Room A

Track: Talks #1

Mysterious segmentation fault? Docker container keeps restarting? Application transfers unknown data over HTTPS? Process getting terminated by the Out of Memory Killer? Or maybe it got stuck and appears to be doing nothing at all? Without access to source code, an IDE with a debugger, or at least extensive logs, it is often hard to tell what a Linux process is doing and why. But don't worry! A lot can be said about a black-box application by carefully inspecting its runtime environment. Linux and system libraries offer numerous tools and APIs to help you with this challenging task, starting with the /proc filesystem and resource monitoring, through call tracing and runtime overloads, up to various interception hooks and observability interfaces. Tedious disassembling is rarely necessary, although always possible if that gives you a kick. Whether you are a system programmer, home-lab enthusiast, software integrator, aspiring security researcher, penetration tester, or simply a hobby-hacker - these techniques can help you understand what is actually happening under the hood and how to fix it. Want to learn some of them? Come and see them explained and demonstrated on my laptop, live during the talk.

Categories:
  • Programming
  • Hacking
  • Tools