6d ago · 5 min read · Introduction: You're Already Using It — You Just Don't Know It If your Kubernetes cluster runs on AWS EKS, your network layer has been powered by eBPF since 2025 — by default. AWS switched EKS's default CNI to Cilium that year, and Cilium's foundatio...
Join discussionFeb 14 · 16 min read · Stealthy Kernel Rootkit: https://github.com/MatheuZSecurity/Singularity Rootkit Researchers: https://discord.gg/66N5ZQppU7 Author (MatheuZSecurity): https://www.linkedin.com/in/mathsalves/ Introduction Linux security tooling has leaned heavily into ...
Join discussion
Feb 6 · 5 min read · 在 eBPF 开发中,辅助函数(Helper Functions)是连接沙箱代码与内核原生的唯一桥梁, 辅助函数既不是动态加载的插件,也不是脆弱的符号引用。它们是在内核启动那一刻,由引导代码根据链接脚本的‘施工图’,强行焊接在内存只读区域的物理基石。 本文起源于我在开发ebpf程序时思考辅助函数到底是什么?它和内核提供的其他函数有什么区别? 。 本文记录了我是如何通过源码分析、逆向思考和底层调试,一步步打通 eBPF 辅助函数逻辑的全过程。所有的代码均出自于5.15.0-139内核源码 第一...
Join discussionFeb 4 · 16 min read · I’ve been slow with the blog posts, I’ve been very busy getting to grips with new tools, systems, ways of working, and just trying to learn as much as I can since starting my new role at a new company 6 months ago and not making my head explode… All ...
Join discussion
Jan 11 · 3 min read · 📝 Quick Summary: RustNet is a cross-platform terminal UI tool for real-time network monitoring. It provides detailed insights into network connections, interface statistics, and packet data, with advanced filtering and process identification capabil...
Join discussionDec 23, 2025 · 9 min read · Cloud Native Kolkata Winter Meetup was more than just another community gathering; it felt like a real snapshot of where our ecosystem is heading. From deep-dive technical talks to candid discussions about real-world challenges, the room was filled w...
Join discussion
Dec 16, 2025 · 26 min read · Let’s say your Kubernetes pod crashes at 3am and the logs show nothing useful. By the time you SSH into the node, the container is gone, and you're left guessing what happened in those final moments. This is the reality of debugging modern applicatio...
Join discussion
Nov 20, 2025 · 15 min read · We’re happy to release ioflame, an I/O tracing tool that we developed internally to debug high I/O latency and wait time. ioflame attaches to the Linux kernel block level with eBPF probes, tracing all I/O activity. The resulting output of the trace i...
Join discussionNov 15, 2025 · 6 min read · This whole project started with a simple idea: build something with FastAPI and containers, and see how far that rabbit hole goes.It ended with me inspecting HTTP packets in the Linux kernel and running a machine learning model on them, which was not...
Join discussion