Kernel Tracing With eBPF

Have you ever wanted to trace all syscalls or dump all IPC traffic across a Linux system? Until recently, doing so may have required some significant setup involving a half-baked tracing kernel module, a custom kernel module, or even using a kernel debugger. This talk will introduce the eBPF functionality of the Linux kernel and cover practical uses of the technology beyond mere code profiling. We will show how eBPF can be used both defensively and offensively to protect, or compromise, a system.

English
  • Originally Aired December 30, 2018
  • Runtime 60 minutes
  • Production Code 9532
  • Created December 30, 2018 by Administrator admin
  • Modified December 30, 2018 by Administrator admin
Name Type Role
Jeff Dileo Director
Andy Olsen Director