Mastodawn

We implemented the rule engine in our eBPF-based security monitoring agent Bombini: https://github.com/bombinisecurity/bombini
Rule evaluation is blazingly fast and works entirely in eBPF!
Check out the docs: https://bombinisecurity.github.io/bombini/configuration/rules.html

Feel free to give us any feedback! Contributions are welcome!

#ebpf #kubernetes #security #cloudnative

Andrey Fedotov Dec 18

Paul Chaignon Dec 17

@cilium can enforce network policies based on FQDNs using a userspace proxy. At #LinuxPlumbers, @hemanthmalla proposed to move this to the kernel by implementing DNS parsing in #eBPF!

Recording: http://www.youtube.com/watch?v=ecQoxg2yHSE
Demo: https://youtu.be/0qmQ1bTBLHo
Slides: https://lpc.events/event/19/contributions/2157/attachments/1831/3921/eBPF%20FQDN%20-%20LPC%20Japan%2025.pdf

Andrey Fedotov Dec 18

Paul Chaignon Dec 17

Related to the previous #LinuxPlumbers talk, Raman Shukhau implemented and presented a small DNS server in eBPF!

Recording: http://www.youtube.com/watch?v=di2RcXVqPyM
Slides: https://lpc.events/event/19/contributions/2161/attachments/1832/3924/Simple%20DNS%20Server%20with%20BPF.pdf

Andrey Fedotov Nov 23

quarkslab Nov 19

Quarkslab engineers @robindavid1 Mihail Kirov and Kaname just completed the first public security audit of Bitcoin Core, led by
@ostifofficial and funded by
@bitcoinbrink

Details on the blog post:

https://blog.quarkslab.com/bitcoin-core-audit.html

Congrats to developers for such software masterpiece !

Bitcoin Core audit - Quarkslab's blog

The Open Source Technology Improvement Fund, Inc. mandated Quarkslab to perform the first public security audit of Bitcoin core, the reference open-source implementation of the Bitcoin decentralized protocol.

Andrey Fedotov Oct 13

daniel:// stenberg://Oct 10

A new breed of analyzers.

And they use AI.

https://daniel.haxx.se/blog/2025/10/10/a-new-breed-of-analyzers/

A new breed of analyzers

(See how I cleverly did not mention AI in the title!) You know we have seen more than our fair share of slop reports sent to the curl project so it seems only fair that I also write something about the state of AI when we get to enjoy some positive aspects of this technology. … Continue reading A new breed of analyzers →

daniel.haxx.se

Andrey Fedotov Sep 27

https://github.com/trndcenter/bpfmeter
A tool for measuring eBPF programs' performance in k8s clusters #ebpf #k8s

GitHub - trndcenter/bpfmeter: Performance monitoring agent for eBPF programs

Performance monitoring agent for eBPF programs. Contribute to trndcenter/bpfmeter development by creating an account on GitHub.

GitHub

Andrey Fedotov Aug 10, 2025

I'm currently working on
[bombini](https://github.com/bombinisecurity/bombini): eBPF security monitoring agent based on Aya. It's fully written in Rust! If you are interested in eBPF and security observabilty, just have a look! Welcome for contributions!

#ebpf #rust #aya

GitHub - bombinisecurity/bombini: eBPF security monitoring agent based on Aya

eBPF security monitoring agent based on Aya. Contribute to bombinisecurity/bombini development by creating an account on GitHub.

GitHub

Andrey Fedotov Sep 26, 2024

Paul Chaignon Sep 26, 2024

The slides of my BPF fuzzing talk at Linux Plumbers 2024 are available at: https://pchaigno.github.io/assets/Linux%20Plumbers%202024%20Fuzzing%20eBPF.pdf. I described the current subsystem coverage from syzkaller and discussed several approaches that have been used, in syzkaller and elsewhere, to improve #eBPF fuzzing.