Observing all kernel events can be like descending into the steam-engine of an airship – the machinery of system calls can be arcane, complicated and very, very noisy. Buried in this cacophony, though, can be indicators of privilege escalation, resource a