I've been thinking about building a platform like this for a while, and it was quite fun to build.
Let me know if you have questions or ideas for new exercises.
self_awareness•3w ago
This is really cool.
Are you planning to add "lessons" related to deployment? For example, using libbcc vs CO-RE?
deivid•3w ago
I wanted to add all kind of exercises, but I'm not sure what's a good way of presenting a deployment exercise.
On libbcc specifically, I'm not sure it's worth it, CO-RE / BTF is where things are heading, and any reasonably new kernel supports it (<5 years old)
0x4a50•3w ago
Thanks for making this, looking forward trying it out!
mattrighetti•3w ago
Nice, always wanted to get my hands on eBPF and this looks like a good way to try it out. Thanks!
flipped•3w ago
For all it's innovative way of kernel programming, isn't eBPF a huge attack surface? Even a paradise for rootkit devs, perfectly able to hide using eBPF features.
razighter777•3w ago
Yes, but you need cap_bpf now to load ebpf programs.
shorden•3w ago
Also worth noting that the verifier is under active development not only to verify more legitimate programs, but also to reject programs with exploits and side channels (and there are runtime defenses too, like dead code elimination and ALU sanitation).
natas•3w ago
@deivid I would certainly buy a pdf or book with this and more examples (with full source code).
Just a hint if you want to change the world and make a few bucks :)
deivid•3w ago
I've been thinking about building a platform like this for a while, and it was quite fun to build.
Let me know if you have questions or ideas for new exercises.
self_awareness•3w ago
Are you planning to add "lessons" related to deployment? For example, using libbcc vs CO-RE?
deivid•3w ago
On libbcc specifically, I'm not sure it's worth it, CO-RE / BTF is where things are heading, and any reasonably new kernel supports it (<5 years old)
0x4a50•3w ago