Add links to eBPFChirp newsletter tutorials and guides #107
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
qmonnet
requested changes
Oct 2, 2024
qmonnet
requested changes
Nov 18, 2024
| - [Can eBPF Detect Redis Message Patterns Before They Become Problems?](https://cloudchirp.substack.com/p/can-ebpf-detect-redis-message-patterns) - A step-by-step guide how eBPF can observe Redis communication between client and server. | ||
| - [Transparent Proxy Implementation using eBPF and Go](https://cloudchirp.substack.com/p/transparent-proxy-implementation) - A step-by-step guide on how to implement a transparent proxy using eBPF. | ||
| - [eBPF-Powered Load Balancing](https://cloudchirp.substack.com/p/ebpf-powered-load-balancing-for-so_reuseport) - Learn how eBPF can infer custom load-balancing for services listening on the same port, through the SO_REUSEPORT TCP option. | ||
| - [Unit Testing eBPF Programs](https://ebpfchirp.substack.com/p/unit-testing-ebpf-programs) - Learh how you can unit test your eBPF programs using libbpf. |
There was a problem hiding this comment.
Suggested change
| - [Unit Testing eBPF Programs](https://ebpfchirp.substack.com/p/unit-testing-ebpf-programs) - Learh how you can unit test your eBPF programs using libbpf. | |
| - [Unit Testing eBPF Programs](https://ebpfchirp.substack.com/p/unit-testing-ebpf-programs) - Learn how you can unit test your eBPF programs using libbpf. |
| @@ -370,6 +378,9 @@ If you are new to eBPF, you may want to try the links described as "introduction | |||
| - [ebpfkit-monitor](https://github.com/Gui774ume/ebpfkit-monitor) - An utility to statically analyze eBPF bytecode or monitor suspicious eBPF activity at runtime. It was specifically designed to detect ebpfkit. | |||
| - [Bad BPF](https://github.com/pathtofile/bad-bpf) - A collection of malicious eBPF programs that make use of eBPF's ability to read and write user data in between the usermode program and the kernel. | |||
| - [TripleCross](https://github.com/h3xduck/TripleCross) - A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities. | |||
| - [Securing Kubernetes Workloads using LSM-BPF](https://ebpfchirp.substack.com/p/securing-kubernetes-workloads-using) - Learn how tools like KubeArmor leverage LSM-BPF to prevent malicious attacks such as Ransomware or Cryptojacking. | |||
| - [Protecting HashiCorp Vault using KubeArmor](https://ebpfchirp.substack.com/p/protecting-k8s-secrets-using-kubearmor) - Learn how KubeArmor blocks malicious attacks on HashiCorp Vault and why use it instead of solutions like Tetragon or Falco. | |||
There was a problem hiding this comment.
I have reservations about this link, and in particular about pushing KubeArmor over Tetragon for the wrong reasons:
Tetragon, while capable of blocking threats, only does so after malicious actions have already occurred.
This is not correct. Tetragon blocks the syscall before it succeeds. I invite you to get in touch with the Tetragon folks for more details. See also https://tetragon.io/docs/concepts/enforcement/#override-return-value
(Disclaimer: I used to work at Isovalent)
My suggestion would be to remove this link from your PR for now, merge the rest of the PR, and we can discuss adding the link again after this point is fixed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@qmonnet Feel free to suggest any changes I should apply.