Extended Berkeley Packet Filter (eBPF) is a technology that provides capabilities to programmers seeking to make use of kernel layer performance and functionality. Fundamentally, eBPF allows users to load programs into kernel space and attach them to hook points. This allows for loading kernel code at runtime without needing to modify the kernel source code itself or develop a kernel module.
eBPF programs are written in a high-level language and then compiled into assembly-like bytecode.....
By: Juan José López Jaimez , Valentina Palmiotti , Simon Scannell
Full Abstract and Presentation Materials:
www.blackhat.com/asia-23/brie...