Background

While I was learning about making things like rootkits and Linux kernel modules (post coming soon!) I stumbled upon BPFs, or Berkeley Packet Filters. You can hook system calls with them, and they were presented as a "safer/modern alternative" to something like a Linux kernel module for hooking system calls.

WTF is it?

It's a program that runs in a virtual machine alongside the kernel to filter things like network traffic or to secure a system; an example is KubeArmor!
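To make the "hook system calls with BPF" idea concrete, here is an added example (not from this post or from KubeArmor) using seccomp-bpf, the classic BPF flavour that Linux runs on every system call a process makes: a tiny filter program that lets everything through except mkdirat, which it turns into EPERM. It assumes Linux on x86_64 or aarch64 and the `DEMO_ARCH`, function and path names are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define DEMO_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Classic BPF program the kernel runs on every syscall of this process. It only
 * reads struct seccomp_data and returns a verdict, so it cannot crash the kernel. */
static int install_mkdirat_deny_filter(void)
{
    struct sock_filter prog[] = {
        /* Check the architecture first so the syscall number means what we expect. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number: mkdirat fails with EPERM, everything else runs. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdirat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = (unsigned short)(sizeof prog / sizeof prog[0]), .filter = prog };
    /* No-new-privs stops a filtered process from confusing setuid binaries. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* 1 if the filter turned mkdirat into EPERM, 0 if it ran, -1 if install failed. */
int demo_mkdirat_denied(void)
{
    if (install_mkdirat_deny_filter() != 0) return -1;
    errno = 0;
    long rc = syscall(__NR_mkdirat, AT_FDCWD, "/tmp/bpf-demo-dir", 0700); /* constructed path */
    return (rc == -1 && errno == EPERM) ? 1 : 0;
}
```

The filter stays attached to the process for its whole life and is inherited by its children, which is the same property KubeArmor-style tooling relies on when it confines a container's system calls.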