Richard Johnson

Richard Johnson is a computer security specialist with a focus on software vulnerability analysis. Currently Principal Security Researcher at Fuzzing IO, a research and development company offering professional training and consulting services, Richard offers over 18 years of professional expertise and leadership in the information security industry including past positions as Director of Security Research at Oracle Cloud Infrastructure and Research Lead roles at Cisco Talos and Microsoft. Richard has been speaking at Toorcon since 2004 and has taken the stage for talks and training at many other premier conferences including Black Hat, RECON, and Hack in the Box.

The speaker's profile picture


Extra Better Program Finagling (eBPF) for Attack and Defense
Richard Johnson

Program instrumentation and tracing is a key component of any offensive persistence framework or defensive endpoint detection and response (EDR) technology. This talk will focus on the latest tracing infrastructure known as Extended Berkeley Packet Filters (eBPF) which is currently supported on Linux and is coming to Windows as well. eBPF is complex with several front end languages and backend hooking engines. This talk will explain how eBPF works, what it takes to write eBPF based hooks, and demonstrate two simple tools for verfiying or infecting ELF binaries on the fly.

The Point