Alice in Kernel Land: Lessons Learned From the eBPF Rabbit Hole

Extended Berkeley Packet Filter (eBPF) is a technology that provides capabilities to programmers seeking to make use of kernel layer performance and functionality. Fundamentally, eBPF allows users to load programs into kernel space and attach them to hook points. This allows for loading kernel code at runtime without needing to modify the kernel source code itself or develop a kernel module.

eBPF programs are written in a high-level language and then compiled into assembly-like bytecode.....

By: Juan José López Jaimez , Valentina Palmiotti , Simon Scannell

Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-23/brie...