Offensive BPF! Getting started.

eBPF (extended Berkeley Packet Filtering, a technology that lets users run small programs inside the Linux kernel without modifying kernel source code) is gaining attention for offensive security uses because it can hook into system calls, manipulate data, and even run on network hardware. The article introduces eBPF's structure (programs, maps, and events) and explains how attackers could potentially exploit its flexibility and power to hook into system functions, modify data, and spawn processes.