Offensive BPF: Understanding and using bpf_probe_write_user

This post explores how BPF (Berkeley Packet Filter, a technology that allows running custom programs inside the Linux kernel) can be used offensively, specifically focusing on the bpf_probe_write_user function (a helper that lets BPF programs modify user-space data during execution). The author documents their process of learning to write advanced BPF programs in C using libbpf to manipulate filenames, hide directories, and simulate ransomware attacks while also considering detection methods.