eBPF in action: Practical use cases for Cloud-Native teams


RSVP HERE
[https://community.cncf.io/events/details/cncf-cloud-native-tel-aviv-presents-ebpf-in-action-practical-use-cases-for-cloud-native-teams/](https://community.cncf.io/events/details/cncf-cloud-native-tel-aviv-presents-ebpf-in-action-practical-use-cases-for-cloud-native-teams/)
Join us for an evening of great sessions and sharp insights into the world of eBPF, one of the fastest-growing technologies in cloud-native observability and security. Whether you’re new to eBPF or already experimenting with it in production, this meetup will offer practical knowledge and fresh perspectives from speakers with real hands-on experience.
### Agenda
17:30 – 18:00 | Welcome, pizza & beers
18:00 – 19:30 | Speaker sessions
19:30 – 20:00 | Community hangout
### 18:00 - 18:30 - Metricating eBPF: The Complete Guide to Observing eBPF Programs
eBPF programs can be challenging - not just to write, but to debug and monitor at scale. Traditional debugging methods like printf are limited and unusable in production environments. In this talk, we’ll explore a powerful eBPF telemetry approach designed to track and observe millions of eBPF programs in real time, making large-scale visibility finally accessible and practical.
#### Speaker: Ori Shussman, Founding Engineer @groundcover
Ori Shussman is a seasoned Linux and kernel developer with a strong focus on eBPF technology, which he began exploring long before it became mainstream. His work dives into how eBPF can transform Kubernetes observability, offering powerful, low-overhead visibility into modern infrastructure. He is currently pursuing studies in Neuroscience and Psychology, and outside of his technical work, enjoys practicing yoga and playing guitar.
### 18:30 - 19:00 - Observing the Observer: When your probes need profiling
eBPF has transformed system instrumentation across cloud environments, but how do you profile the performance of your eBPF programs themselves? This talk explores the challenges of measuring CPU utilization and runtime characteristics of eBPF probes before your monitoring solution becomes the thing that needs monitoring.
#### Speaker: Keren Kotler, Senior Software Engineer @Pelanor
Keren is a software engineer, working in Rust on Pelanor's observability infrastructure. After leading the AI inference compiler team at Hailo, she found the ultimate verification challenge: the eBPF loader. When she’s not optimizing systems code, you can probably find her doing Capoeira — a passion that never got old.
### 19:00 - 19:30 - From Syscalls to Shellcode: Detecting Advanced Attacks with eBPF
Runtime security requires deep visibility into system behavior that traditional monitoring approaches simply cannot provide. This talk explores how eBPF revolutionizes attack detection through Aqua Security's open-source Tracee project. We'll dive into a novel detection technique: identifying shellcode execution through syscall source analysis. Beyond security, we'll explore Traceeshark - a set of Wireshark plugins that bring Tracee's rich runtime security and system observability capabilities into familiar network analysis workflows, opening new possibilities for both security teams and observability engineers. Whether you're defending against threats or gaining deeper system insights, this session shows how eBPF's kernel-level programmability enables previously impossible detection capabilities.
#### Speaker: Ofek Shaked, Security Researcher @Aqua Security
Ofek Shaked is a security researcher at the Aqua Security team Nautilus, which focuses on cybersecurity research of the cloud native stack. Ofek's expertise lies in Linux internals and security, malware and rootkit techniques, as well as advanced Linux tracing and eBPF. With a deep understanding of these fields, Ofek specializes in developing advanced behavioral analyses to detect malware and rootkit activity and to defend against them in real-world cloud environments.
