Ravidu Priyankara in ravindu-priyankara.hashnode.dev · 5d ago · 9 min read
Squeezing Bytes: How I Optimised an eBPF Driver in Falco
1. How I Found This Opportunity. I wanted to make my first open source contribution, so I decided to fork a few eBPF projects — one of them being falcosecurity/libs. After compiling and running Falco,

Servers99 in servers99.hashnode.dev · Jun 18 · 3 min read
Moving Beyond CI/CD: Securing Kubernetes at Runtime with eBPF
If your container passes a CI/CD vulnerability scan, is it safe to run in production? Many engineering teams assume the answer is yes. But a clean image scan is just a green light to deploy—it is not

Ravidu Priyankara in ravindu-priyankara.hashnode.dev · Jun 8 · 18 min read
The Case of the Disappearing eBPF Instruction: Inside Map FD Relocation and BPF_LD_IMM64
While reading the disassembly of a compiled eBPF program I was working on, I noticed something strange — the 6th instruction was missing. Reading through the full disassembly again, I realized it wasn

Ravidu Priyankara in ravindu-priyankara.hashnode.dev · May 18 · 7 min read
eBPF Macros Are Just Costumes for ELF Metadata
In the previous part, we explored how our eBPF maps changed during preprocessing time. At first, those transformations looked strange. But after digging deeper, it became clear that most of the “speci

NaveenKumar VR in claybrainer.com · May 17 · 11 min read
Kubernetes Networking Tools: A Layer-by-Layer Guide to What Fits Where
If you are in the DevOps world, especially the Kubernetes world, chances are you have heard a lot of buzz around Kubernetes networking tools. And recently, with the announcement around NGINX Ingress de

Ravidu Priyankara in ravindu-priyankara.hashnode.dev · May 11 · 10 min read
eBPF Map Definitions Are Fake — And That’s the Point
I originally just wanted to observe what really happens after an eBPF hash map gets populated at runtime. To explore that, I built a very small tracing program and started digging into how maps actual

Ravidu Priyankara in ravindu-priyankara.hashnode.dev · May 5 · 12 min read
When Killing a Process Doesn't Kill the Risk: How PID Reuse and Stale eBPF State Caused Cascading False Positives in KernelEye
During kernelEye detection rule adjustments, I encountered an interesting bug worth sharing. The issue can be reproduced and understood within a few minutes through the write-up or the debugging video

Fundacja Dobre Państwo in fundacjadobrepasntwo.hashnode.dev · May 3 · 1 min read
Cilium and eBPF: The New Networking Paradigm in Kubernetes
This article examines the revolutionary impact of eBPF technology on the Kubernetes ecosystem, focusing on Cilium. The author exposes the limitations of traditional networking models based on static IP addresses and kube-proxy, proposing instead dyna...

Samson Tanimawo in novaaiops.hashnode.dev · Apr 26 · 3 min read
eBPF for SREs: Observability Without Agents
The Agent Problem. Traditional monitoring means shipping an agent with every service. That agent: adds memory overhead; needs to be updated; gets out of date; breaks with kernel upgrades; needs instrumentation code. eBPF says: what if the kernel itself c...

Correlic in correlic.hashnode.dev · Apr 20 · 13 min read
Your AI Agent Got Poisoned Through a Tool Description. Here's Why Only the Kernel Saw It Coming.
MCP tool poisoning is the attack you can't see in your UI. We built the defense you can see in your kernel. In Part 3, I covered how we taught Correlic's AI investigation layer to analyze security inc