Recent Posts

The evolution of eBPF (extended Berkeley Packet Filter) has been one of the most significant developments in Linux system observability and networking over the past decade. As we look at the landscape in early 2025, several key trends have emerged that showcase eBPF’s growing influence and future directions.

If you’ve been following the Linux kernel development community over the past few years, you might have noticed an interesting emerging trend in the field of memory persistence when using kexec to boot into a new kernel.

The Extended Berkeley Packet Filter (eBPF) has revolutionized how we extend and observe the Linux kernel. However, with great power comes great responsibility, and securing eBPF programs has been a persistent challenge in the Linux kernel community. Today, I want to share an innovative approach to eBPF program signing that addresses some fundamental challenges in this space.

Understanding struct __sk_buff

How to pretend to be a Linux kernel expert

OverTheWire Advent writeup — Boxy

CSAW CTF writeup — A Tour of x86

The design of lock_sock() in Linux kernel

How to pave a way to fascism legally?

BlazeCTF writeup — shellcodeme_hard