In recent years eBPF became the most rapidly growing subsystem in Linux kernel.
At the same time, not surprisingly, we hear more and more about vulnerabilities there. In this talk, Sergey will present the history and evolution of eBPF virtual machine, discovered bugs and fixes that supposed to mitigate security issues but instead made them the best way to go for LPE. Sergey presents an approach on how to automate bugs discovery. Finally, we’ll talk about exploitation and post-exploitation the eBPF, which makes it the most stable code execution that’s ever been possible.
About the speaker
Sergey Ivanov is an independent Vulnerability Researcher with many years in the industry across a wide range of targets. Sergey recently spoke at zer0con, offzone and zeronights.