#ebpf


Hey hey! More #eBPF #malware in the wild, this one targeting Juniper devices.

EDIT: I don't think this is eBPF. As was pointed out in the replies, this is a BSD-based OS, which does not normally implement eBPF. Also I'm not seeing any eBPF code here. This would appear to be plain old-school BPF.

blog.lumen.com/the-j-magic-sho

Lumen Blog · The J-Magic Show: Magic Packets and Where to find them. A backdoor tailored to Juniper routers that hides the activation signal in regular traffic using “Magic Packets” to give access to an attacker

"First, Torvalds is sorry to report that sched_ext, an extensible scheduler for building scheduling policies with #eBPF, will not be included in the next #LinuxKernel release. He hopes, though, literally knocking on wood, that it will be in the forthcoming #Linux 6.12 release.

Torvalds added, 'Some features take longer than that. […] the real-time Linux project […] they hope it will soon be ready to be completely merged in the upstream kernel this year.'"

zdnet.com/article/linus-torval #kernel

ZDNET · Linus Torvalds talks AI, Rust adoption, and why the Linux kernel is 'the only thing that matters'. By Steven Vaughan-Nichols

"We show that eBPF is Turing complete, which means it can be used for any computable problem

[…]

Implementing Game of Life entirely in #eBPF means that it is Turing complete, so any computable problem that can be solved in any programming language, can also be solved in eBPF. Those complex problems that people thought were beyond the capabilities of eBPF, like parsing application-level protocols, or terminating TLS connections, are now shown to be possible. […]"

isovalent.com/blog/post/ebpf-f #BPF

isovalent.com · eBPF for Anything! - Isovalent. We show that eBPF is Turing complete, which means it can be used for any computable problem, via the game of life demo

So how much of a problem is eBPF malware really? Given the mitigations, namely that modification of syscall returns is per whitelist and that writing to userspace is something a root process can usually do anyway via ptrace (mod yama), I wonder how much of an added boon to malware authors this really is. Are there any stronger upsides to building malware on top of eBPF?

#ebpf #infosec #linux

In the interests of getting back on the conference speaking circuit after 4 years off of it, here's the last thing I spoke on at DevSecCon - using #eBPF to trace all internet-bound TCP connections.

This was a very early version of the thing, it's now totally native packaging and also supports modules, locally cached DNS reverse resolution, container name attestation, listens and UDP. But I haven't done a talk about all of that :P

youtube.com/watch?v=K6ZRAz58fi

Code is at github.com/Yelp/pidtree-bcc