A while back I spent some time at work learning about eBPF Maps, to understand the consequences of a malicious user tampering with them, plus ways to detect such an attack.

It’s nothing new to eBPF veterans, but others might find it interesting: Mapping It Out: Analyzing the Security of eBPF Maps

I’ve also got a PoC looking at how to use eBPF to monitor and log eBPF map alterations. It was less straightforward than I thought it would be, which was interesting: BPF-Mon