[drtgh]

bypass eBPF, just the first search,

https://www.form3.tech/engineering/content/bypassing-ebpf-to...

"Executing the program in the demo pod allows us to confirm that the system call is not detected"

https://news.ycombinator.com/item?id=33235434

[tptacek]

This isn't a bypass of "eBPF", so much as it is a bypass of a detection system that watches only the write(2) system call, and not writev(2), sendfile(2), or io_uring.

[drtgh]

eBPF, I thought we were friends! https://www.youtube.com/watch?v=5zixNDolLrg

eBPF, A new frontier for malware https://redcanary.com/blog/ebpf-malware/

How Hackers Use eBPF https://cymulate.com/blog/ebpf_hacking/

Linux eBPF Stack Trace Hack https://www.brendangregg.com/blog/2016-01-18/ebpf-stack-trac...