YoVDO

Kernel Tracing With EBPF

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses System Analysis Courses System Security Courses eBPF Courses

Course Description

Overview

Explore the powerful capabilities of eBPF (extended Berkeley Packet Filter) for kernel tracing in Linux systems through this comprehensive 54-minute conference talk. Dive into the world of dynamic kernel instrumentation and learn how to gain deep insights into both kernel and userspace code across a running system. Discover practical applications of eBPF beyond code profiling, including defensive and offensive security techniques. Understand the internals of eBPF implementation in the Linux kernel, its features, and integration with various components. Learn about pragmatic approaches to using eBPF, non-idiomatic coding styles required for its sandbox, and potential vulnerabilities. Explore how eBPF can be used to trace kernel functions, inspect code and data flow, and even perform privilege escalation in certain container configurations. Gain valuable knowledge on using eBPF to monitor system actions performantly and uncover process secrets, ultimately unlocking a new level of system insight and control.

Syllabus

Introduction
What is eBPF
Why eBPF
Tracing
eBPF Code
STrace Output
UPF Validator
Kernel Mod
Security Monitoring
Limitations
eBPF


Taught by

media.ccc.de

Related Courses

Analyzing Postgres Performance Problems Using Perf and eBPF
Microsoft via YouTube
Citus Con - An Event for Postgres - Americas Livestream
Microsoft via YouTube
EBPF - The Next Power Tool of SREs
USENIX via YouTube
Building Observability for 99% Developers
Docker via YouTube
EBPF Superpowers
Docker via YouTube