Offensive BPF: Using bpftrace to host backdoors
infonews
security
Source: Embrace The Red · October 6, 2021
Summary
This post describes how to use bpftrace (a tool for tracing Linux kernel events) to create a backdoor that executes commands when it receives a specific secret message on any port. The author explains how to use enter and exit trace points (hooks into when functions start and finish) to capture data from network reads, then compare that data against a trigger message to run malicious commands.
Classification
Attack Sophistication: Moderate
Original source: https://embracethered.com/blog/posts/2021/offensive-bpf-bpftrace-message-based/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 95%