CanSecWest 2022 has ended
Back To Schedule
Friday, May 20 • 11:30 - 12:30
When eBPF meets TLS!

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Currently a work in-progress that will be extended for the final version, this submission aims at demystifying the eBPF technology for the security community. While it is currently well-known in cloud environments (such as process visibility and programmable network flows), eBPF has had little experimentation  when it comes to its usage as a building block of security focused tools.

The purpose of this proposal is to achieve a step by step introduction to eBPF by providing working examples of four different eBPF programs and tools:
  • Identify the network traffic of a specific process
  • Detect processes doing TLS traffic
  • Dump TLS session from a process memory
  • Intercept a process traffic transparently
Ultimately, this collection of programs could be used to develop a tool that can seamlessly intercept a process TLS traffic and modify it.


Guillaume Valadon

Director of Security Resarch, Quarkslab
Guillaume Valadon is the Director of Security Resarch at Quarkslab and holds a PhD in networking. He likes looking at data and crafting packets. In his spare time, he co-maintains Scapy and learns reversing embedded devices. Also, he still remembers what AT+MS=V34 means! Guillaume... Read More →

Friday May 20, 2022 11:30 - 12:30 PDT
Main CanSecWest Ballroom - Sheraton Wall Center 1000 Burrard St, Vancouver, BC V6Z 2R9