eBPF Summit is back 🚀 and there are many new projects for both attack and defence. Cilium is back in summer school and in GKE Autopilot.

eCHO news is your bi-weekly wrap-up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security, this is your source.

Many of the technical articles and talks on Twitter this week focus on how eBPF is a new avenue for attackers. I think this is a big red herring. As noted in the first article below, the advice is "ensure that your Linux distro is configured not to allow unprivileged users to run eBPF programs". Not letting unprivileged users run arbitrary programs seems pretty standard security advice. If you are worried about privileged users adding rogue eBPF programs, you have already missed the problem: someone has root on your system and you are in trouble.

While eBPF programs do represent a new domain for offensive tools, most of them can be stopped before they start by (1) only letting admins add eBPF programs and (2) making sure attackers don't become admins, which seems like common-sense security anyway.

Any tool can be used for both good and bad. For eBPF, I think the balance is more in favor of good because of projects like Tetragon. There is lots of other great content this week including an article by yours truly about the value of composable ecosystems like eBPF so let's 🐝 gin!

The Technical

The Good, Bad and Compromisable Aspects of Linux eBPF

"Recommended Mitigation: Ensure that your Linux distro is configured not to allow unprivileged users to run eBPF programs" seems to be standard security advice too.

Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module

"Since upstreaming code that restricts USER namespace seem to not be an option, we decided to use LSM BPF to circumvent these issues." Maybe they want to check out Tetragon too?

BSides TLV 2022 - Hunting rootkits with eBPF

Watch this video to learn a bit more about Tracee


h3xduck/TripleCross

"TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology"


citronneur/pamspy

"Credentials Dumper for Linux using eBPF to achieve an equivalent work of 3snake" and there is already a PoC to stop it.

elesiuta/picosnitch

"Monitor network traffic per executable using BPF"


airbus-cert/dirtypipe-ebpf_detection

"An eBPF detection program for CVE-2022-0847". The ever-escalating game between attackers and defenders continues.

OpenCloudOS/nettrace

"nettrace is a eBPF-based tool to trace network packet and diagnose network problem". It includes nettrace, droptrace, and nodetrace, depending on what you want to do.

🐝


The Ecosystem

IP Masquerading and eBPF are now in GKE Autopilot

Cilium is now GA for GKE Autopilot


The Compounding (Business) Value of Composable Ecosystems

Learn why Cilium and eBPF are so valuable to both developers and businesses and I wrote it 😉


Pinpoint Service Mesh Critical Performance Impact by using eBPF

"we'll discuss how to use eBPF technology to improve the continuous profiling feature in SkyWalking and analyze the performance impact in the service mesh". Wonder which will come out on top.

Unraveling BPF LSM Superpowers

"The why's and how's of implementing security enforcement as part of KubeArmor leveraging BPF LSM superpowers". Community submission; email me if you want to see your article here too :)

Understanding eBPF for the complete beginner (in 3 mins)

(for programmers)

Dissecting Service Mesh Overheads

Since Cilium completed an HTTP2 parser in eBPF for observability, it has had a massive impact on preserving latency; thus "The primary contributors to overhead vary based on the configuration".

🐝


The How To

Getting Started with eBPF for Monitoring

"This talk will get you up and running with eBPF as an essential monitoring platform, and contrast what is available via eBPF vs the auditd"


🐝🐝🐝🐝🐝

I would love to see more content here for both Cilium and eBPF, feel free to reach out to me if you are interested, but need help getting started or over the line :)

🐝


The Events

eBPF Summit

Back for the third year, and we are putting together a great program (I know at least two eBPF maintainers will be speaking). The CfP is open until July 22nd. Happy to help with yours if you message or email me!

Summer school workshop: Instructor led hands-on labs covering Cilium, Hubble, and Tetragon

Isovalent is taking us back to (summer) school. July 21st is Tetragon and Service Mesh.

eBPF-based Container Networking

Join this session at KCD Taiwan on July 30th to learn about the history of networking and how eBPF brings it to containers.

eBPF @ Black Hat USA

eBPF is hitting the stage at Black Hat, August 6-11, covering kernel exploits, rootkits, and securing Windows.

🐝

The Video

eCHO Episode 51: Life of a Packet with Cilium

eCHO Episode 52: Interactive Cilium Labs

Upcoming Stream

eCHO Episode 53: TBD


The Tweet of the Week

eBPF Summit is back 🐝🐝 September 28-29. CfP is now open for talks about the next generation of networking, observability and security with eBPF. Get your talk in today!

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack.

🐝


Written and sent by Bill Mulligan. Any feedback is welcome!

Bill Mulligan

I work at Isovalent which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium
