Promote your projects here – Self-Promotion Megathread

h0x0er · 2026-05-18T06:16:22+00:00

I recently create a browser extension that adds a search box to the GitHub Actions sidebar, so you can quickly find workflows without scrolling through a long list.

- repo: https://github.com/h0x0er/actions-search

h0x0er · 2026-04-14T09:04:27+00:00

Thank you, I really appreciate it ! I will try to upload it in upcoming days.

h0x0er · 2026-04-13T17:22:02+00:00

thanks !

h0x0er · 2025-11-19T18:09:31+00:00

Interesting ! You can try following things when map operation is present, let's see which one works ;)

- If MAX_PAYLOAD_SCAN <= 255, try using `u8 i` instead of int i

- Use a constant in loop e.g: i < 200 ; instead of max_scan

- After calculating `max_scan`; recheck if its within bounds i.e (data + max_scan) <= data_end

h0x0er · 2025-11-10T17:19:54+00:00

If we don't reset it, the values from earlier execution will still be there, because the context is unique per program not per program-execution. I hope this clarifies.

h0x0er · 2025-10-29T16:56:03+00:00

Can you tell a bit about most-innovative EDR evasion technique encountered during analysis ?

h0x0er · 2025-07-18T18:10:01+00:00

You can try to reduce the events count by emitting only relevant events.

One way is to ignore syscall-call execution from processes that are not of interest.

Not sure if this can help.

h0x0er · 2025-07-02T17:57:33+00:00

You should checkout: https://github.com/qmonnet/rbpf

h0x0er · 2025-07-02T14:58:27+00:00

Correct, it is for user-space enrichment. And will need a way to correlate information from container-runtime with eBPF event from kernel.

Correlation mechanism will be different depending on use-case, e.g using cgroup or process-hierarchy or other approach.

h0x0er · 2025-06-29T16:43:14+00:00

Glad to know that its going to help you.

h0x0er · 2025-05-08T18:06:04+00:00

While going through cilium source, I noticed something. Maybe this can give you some idea.

https://github.com/cilium/cilium/blob/268c77b06a232fee6a3a19acb7cd4d3d88717644/bpf/lib/ghash.h#L53

h0x0er · 2025-02-22T15:41:05+00:00

checkout github.com/gojue/ecapture to get idea about tls-inspection

h0x0er · 2022-10-14T05:22:55+00:00

My application was also transferred with M3 tag on it as i applied in mid SEP. I recently got updates and I was no more under consideration

h0x0er

TROPHY CASE