
Ryan Hasmatali
Software Developer
eSentire
About
Ryan Hasmatali is a seasoned software developer at eSentire with nearly a decade of experience in the cybersecurity industry. A University of Waterloo graduate, Ryan currently serves on eSentire's Labs team, where he focuses on transforming and streamlining business processes through innovative technology solutions. Throughout his career, he has developed deep expertise in security-focused software development, with a particular emphasis on systems programming and threat research. In recent years, Ryan has expanded his research into malware development, specializing in Rust-based malware engineering to better understand modern threat vectors and defensive strategies. His work combines practical software engineering with cutting-edge security research, contributing to eSentire's mission of providing comprehensive cybersecurity solutions while bridging the gap between traditional software development practices and the evolving landscape of cybersecurity threats.
Sessions
Heimdall EBPF Security
What you will learn:
1. Differentiate between eBPF hook types — tracepoints, kprobes, uprobes, and LSM hooks — and select the right one for a given security monitoring or enforcement use case
2. Build eBPF security programs in Rust using the Aya framework without writing C or depending on BCC
3. Implement LSM BPF hooks (bprm_check_security, socket_connect, security_task_kill) to block threats at the kernel level before syscalls complete
4. Navigate eBPF verifier constraints in practice — stack limits, bounded loops, per-CPU arrays, and kernel struct offset portability across kernel versions
5. Detect fileless malware by tracing memfd_create syscalls and capture TLS plaintext via OpenSSL uprobes without a MITM proxy