Evil eBPF programs can hide their presence from the bpf syscall as well.

Interesting. Any good read you'd recommend on the topic/attack? Thanks.

Look up "eBPF rootkits".

This is a good article about one found in the wild: https://www.synacktiv.com/en/publications/linkpro-ebpf-rootk...