Dive into the world of Extended Berkeley Packet Filter (eBPF) in this 38-minute Black Hat conference talk. Explore how eBPF enables programmers to leverage kernel layer performance and functionality by loading programs into kernel space and attaching them to hook points. Learn about the ability to load kernel code at runtime without modifying kernel source code or developing kernel modules. Discover the process of writing eBPF programs in high-level languages and compiling them into assembly-like bytecode. Gain insights from Juan José López Jaimez, Valentina Palmiotti, and Simon Scannell as they share lessons learned from their deep dive into the eBPF ecosystem.
Overview
Syllabus
Alice in Kernel Land: Lessons Learned From the eBPF Rabbit Hole
Taught by
Black Hat