Recent Posts

If you’ve been following the Linux kernel development community over the past few years, you might have noticed an interesting emerging trend in the field of memory persistence when using kexec to boot into a new kernel.

The Extended Berkeley Packet Filter (eBPF) has revolutionized how we extend and observe the Linux kernel. However, with great power comes great responsibility, and securing eBPF programs has been a persistent challenge in the Linux kernel community. Today, I want to share an innovative approach to eBPF program signing that addresses some fundamental challenges in this space.

Understanding struct __sk_buff

How to pretend to be a Linux kernel expert

OverTheWire Advent writeup — Boxy

CSAW CTF writeup — A Tour of x86

The design of lock_sock() in Linux kernel

How to pave a way to fascism legally?

BlazeCTF writeup — shellcodeme_hard

BlazeCTF writeup — shellcodeme