Explore a comprehensive conference talk on leveraging Extended Berkeley Packet Filter (eBPF) to identify suspicious behaviors in Kubernetes environments. Delve into AWS's approach to detecting security risks such as communication with command and control systems, Tor clients, and cryptocurrency miners. Learn about the challenges in securing Kubernetes, various approaches to threat detection, and why AWS chose eBPF over other options. Gain insights into eBPF's functionality, advantages, and disadvantages, as well as common use cases. Discover how AWS implements eBPF in GuardDuty, including system call tracing techniques, rich container and process context collection, and on-host versus backend processing. Examine an example scenario of command injection exploitation and the resulting detections. Conclude with actionable insights for enhancing Kubernetes security using eBPF technology.