eBPF

[System profiling that unwinds stack without frame pointers and symbols | Elastic Blog](https://www.elastic.co/de/blog/universal-profiling-frame-pointers-symbols-ebpf)

eBPF: A new frontier for malware - Red Canary

[Harnessing the eBPF Verifier | Trail of Bits Blog](https://blog.trailofbits.com/2023/01/19/ebpf-verifier-harness/)

Learning eBPF exploitation

Vesselin Bontchev / bpfdscan · GitLab

On Bypassing eBPF Security Monitoring · Doyensec’s Blog

[Skyfall: eBPF agent for infrastructure observability | LinkedIn Engineering](https://engineering.linkedin.com/blog/2022/skyfall–ebpf-agent-for-infrastructure-observability)

Building an eBPF-Based Profiler

Why You Should Pay Attention to eBPF – Alt + E S V

Gui774ume/krie: Linux Kernel Runtime Integrity with eBPF

Defeating eBPF Uprobe Monitoring

Process Behaviour Anomaly Detection Using eBPF and Unsupervised-Learning Autoencoders

Ollie: Simone Margaritelli shows how to use eBPF syscall tracing and statistical analysis to highlight when a process might have been compromised. The overhead will be too high to use everywhere, but used on high-risk entry points you can see the utility.

[A Practical Guide to Capturing Production Traffic with eBPF | Seekret](https://www.seekret.io/blog/a-practical-guide-to-capturing-production-traffic-with-ebpf/)

citronneur/pamspy: Credentials Dumper for Linux using eBPF

jedsalazar.sig on Twitter: “I’m super excited to announce the O’Reilly publication of Security Observability with eBPF I authored with @nataliaivanko. A new paradigm of Security Observability unlocks insights into Kubernetes security in production environments. Give it a read https://t.co/4UA9DPFJVq https://t.co/KN3sdeNt6S” / Twitter