Offensive BPF: Malicious bpftrace 🤯
info
news
security
Source: Embrace The Red · October 5, 2021
Summary
This post explores how bpftrace, a tool for running BPF programs (eBPF, or extended Berkeley Packet Filter, lets programs monitor and modify system behavior at the kernel level), could be misused to create backdoors that observe network traffic and trigger malicious actions. The author studies this offensive technique to better understand the threat and to help defenders recognize such attacks.
Classification
Attack Sophistication: Moderate
Original source: https://embracethered.com/blog/posts/2021/offensive-bpf-bpftrace/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 95%