Hi!

I’m Mahé, a Security Engineer working at Isovalent (now acquired by Cisco).

I was previously an R&D security engineer at Quarkslab, working on Kubernetes security and vulnerability research and doing a bit of fuzzing. Before that I also worked at Flowdesk, a fintech startup, as a DevOps engineer. I hope you’ll find some interesting content here: some articles are links to my published work, and others are more or less finished notes on technical topics.

A Deep Dive into Golang Memory

Let’s try to understand the memory use of an application written in Golang. For memory management, Golang uses garbage collection, which means that allocating and freeing memory is mostly transparent to the user. While this makes memory manipulation easy at first glance, troubleshooting memory issues requires you to understand how the garbage collector works. The quoted parts of this article are excerpts from the Golang documentation: A Guide to the Go Garbage Collector. Note that it might be outdated; the article was written as of v1.22. Here are some other important resources: Go: The Optimization Guide and Go: Diagnostics. There are many resources out there (and I’m adding another one!), but I found this Google Groups message to have good links as well. You will find more links throughout the article. ...

October 29, 2024 · Mahé Tardy

gRPC-Go: Built-in Client Retry Mechanism

gRPC-Go recently deprecated grpc.Dial in favor of the new grpc.NewClient. The latter performs no I/O and connects lazily when you eventually make an RPC call. This changed the way we perform retries in tetra, the CLI of Tetragon, because we previously relied on the connection attempt made at client creation (grpc.Dial with grpc.WithBlock) to check that the connection was possible, and retried on failure. This wasn’t extremely resilient, but it had the advantage of living in a single place for all subcommands that make an RPC call: client creation. ...

July 24, 2024 · Mahé Tardy
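To make the retry semantics concrete, here is an added example (not code from the article or from Tetragon) that reproduces in plain Go the behaviour of a gRPC service-config retryPolicy: a bounded number of attempts, exponential backoff capped at maxBackoff, and retries only for the listed status codes. With the real library the same values are handed to the channel as JSON through grpc.WithDefaultServiceConfig and applied per RPC, which is exactly what a lazily connecting grpc.NewClient needs, since there is no longer a connect at creation time to hook a retry onto. The Code type, StatusError and FlakyServer are standard-library stand-ins for the gRPC packages so the example runs offline, and TetraPolicy is a constructed policy, not tetra’s actual configuration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"time"
)

// Code stands in for google.golang.org/grpc/codes.Code so the example runs
// with the standard library only; the string values match gRPC's names.
type Code string

const (
	Unavailable      Code = "UNAVAILABLE"
	PermissionDenied Code = "PERMISSION_DENIED"
)

// StatusError is a minimal stand-in for a gRPC status error.
type StatusError struct{ Code Code }

func (e *StatusError) Error() string { return "rpc error: code = " + string(e.Code) }

// RetryPolicy mirrors the "retryPolicy" object of a gRPC service config.
// In real code the same values are passed as JSON to grpc.WithDefaultServiceConfig.
type RetryPolicy struct {
	MaxAttempts          int           // includes the first attempt; gRPC treats values above 5 as 5
	InitialBackoff       time.Duration // "0.1s" in the JSON form
	MaxBackoff           time.Duration
	BackoffMultiplier    float64
	RetryableStatusCodes []Code
}

// Backoffs returns the upper bound of the delay before each retry:
// min(initialBackoff * multiplier^(n-1), maxBackoff) for the n-th retry.
// gRPC sleeps random(0, bound); the deterministic bound is what we check here.
func (p RetryPolicy) Backoffs() []time.Duration {
	var out []time.Duration
	for n := 1; n < p.MaxAttempts; n++ {
		d := time.Duration(float64(p.InitialBackoff) * math.Pow(p.BackoffMultiplier, float64(n-1)))
		if d > p.MaxBackoff {
			d = p.MaxBackoff
		}
		out = append(out, d)
	}
	return out
}

// retryable reports whether err carries a status code listed in the policy.
// Anything else (including non-status errors) is returned to the caller as-is.
func (p RetryPolicy) retryable(err error) bool {
	var st *StatusError
	if !errors.As(err, &st) {
		return false
	}
	for _, c := range p.RetryableStatusCodes {
		if c == st.Code {
			return true
		}
	}
	return false
}

// Do issues rpc until it succeeds, returns a non-retryable status, or
// MaxAttempts is exhausted. sleep is injected so tests run without waiting.
// It returns the number of attempts made and the last error.
func (p RetryPolicy) Do(rpc func(attempt int) error, sleep func(time.Duration)) (int, error) {
	backoffs := p.Backoffs()
	var err error
	for attempt := 1; attempt <= p.MaxAttempts; attempt++ {
		if err = rpc(attempt); err == nil {
			return attempt, nil
		}
		if !p.retryable(err) || attempt == p.MaxAttempts {
			return attempt, err
		}
		sleep(backoffs[attempt-1])
	}
	return p.MaxAttempts, err
}

// TetraPolicy is a constructed example policy, not Tetragon's actual config.
var TetraPolicy = RetryPolicy{
	MaxAttempts:          5,
	InitialBackoff:       100 * time.Millisecond,
	MaxBackoff:           500 * time.Millisecond,
	BackoffMultiplier:    2,
	RetryableStatusCodes: []Code{Unavailable},
}

// FlakyServer simulates a server that is not listening yet for the first
// `failures` calls, which a lazily connecting client observes as UNAVAILABLE.
func FlakyServer(failures int) func(int) error {
	return func(attempt int) error {
		if attempt <= failures {
			return &StatusError{Code: Unavailable}
		}
		return nil
	}
}

func main() {
	attempts, err := TetraPolicy.Do(FlakyServer(2), time.Sleep)
	fmt.Printf("attempts=%d err=%v\n", attempts, err)
	// PERMISSION_DENIED is not in RetryableStatusCodes, so no retry happens.
	attempts, err = TetraPolicy.Do(func(int) error { return &StatusError{Code: PermissionDenied} }, time.Sleep)
	fmt.Printf("attempts=%d err=%v\n", attempts, err)
}
```

The point to notice is the status-code filter: retrying blindly on every error would re-send RPCs that failed for authorization reasons, whereas a policy keyed on UNAVAILABLE only covers the "server not up yet" case that the old connect-at-creation check used to handle.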

Memory Management on Kubernetes with Golang and eBPF: Deep Dive

tl;dr: please jump directly to the conclusion if you think you already have some knowledge about memory and just want the recap. The conclusion links back to the other sections for more details. Disclaimer This (long) article is a Frankenstein 🧟 compilation of personal digest notes on various topics. Some sections are direct digests or extracts of very good resources I found on the topic and could not write something better: ...

July 3, 2024 · Mahé Tardy

Introduction to Tetragon: real-time observability and security based on eBPF

The article is available on the MISC magazine website. Note that it is behind a paywall and in French. It is an introduction to Tetragon, the project I’m working on at Isovalent.

November 1, 2023 · Mahé Tardy

First contact: try Tetragon on Linux

This guide was originally published in the Tetragon documentation. It was first part of the getting started guides, then replaced and moved to the tutorials section, which was later removed. Since we no longer want to maintain this guide, it can live on here if it is useful to some people. Note that this guide is not a tutorial on how to deploy Tetragon standalone (i.e. without Kubernetes); see the container deployment and package deployment guides for that. This is just a walkthrough to try out and experiment with Tetragon for the first time. ...

April 27, 2023 · Mahé Tardy

Crashing Microsoft OMI with fuzzing

The article is available on Quarkslab’s blog. It explains how I discovered Microsoft OMI and how I fuzzed it to find some crashes. It then details the findings and how they work.

March 31, 2023 · Mahé Tardy

Introducing Falco audit results

The article is available on Quarkslab’s blog, and the corresponding article on the Falco blog is also available. It presents the findings of our audit of Falco. You can find the complete audit report here.

March 22, 2023 · Mahé Tardy

New security features in Kubernetes

The article is available on the MISC magazine website. Note that it is behind a paywall and in French. In this article, we focus on the new security features of the Kubernetes versions still maintained at the time of writing: 1.22, 1.23 and 1.24, released in August 2021, December 2021 and May 2022 respectively.

October 1, 2022 · Mahé Tardy

PodSecurityPolicy: The Historical Context

The article was originally published on the kubernetes.io blog. The PodSecurityPolicy (PSP) admission controller has been removed as of Kubernetes v1.25. Its deprecation was announced and detailed in the blog post PodSecurityPolicy Deprecation: Past, Present, and Future, published for the Kubernetes v1.21 release. This article aims to provide historical context on the birth and evolution of PSP, explain why the feature never made it to stable, and show why it was removed and replaced by Pod Security admission control. ...

August 23, 2022 · Mahé Tardy

Black Hat, KubeCon and Kernel Recipes

During the last three months, I had the opportunity to go to multiple events. First, a proposal I submitted to Black Hat Asia Arsenal was accepted to present kdigger, a Kubernetes security tool. Then I had the chance to go to KubeCon Europe to meet the people I had interacted with on the project. And finally, I got one of the last few tickets for a kernel developer conference in Paris, Kernel Recipes. ...

July 4, 2022 · Mahé Tardy

Kubernetes and HostPath, a Love-Hate Relationship

The article is available on Quarkslab’s blog. It traces the history of three Kubernetes-related vulnerabilities, explaining what they are, how they were patched, and how they are related. Exploiting these vulnerabilities allowed users who were not properly authorized to access the underlying host filesystem.

March 3, 2022 · Mahé Tardy

kdigger: a Context Discovery Tool for Kubernetes

The article is available on Quarkslab’s blog. It’s an introduction to Kubernetes security through the release of a new context discovery tool, kdigger, and its mini CTF companion, minik8s-ctf.

October 7, 2021 · Mahé Tardy

Arbitrary code injection in Super Mario Bros 3

This project was done between the end of my last TLS-SEC semester and the beginning of my final-year internship. We worked in pairs and had to choose our subject. We chose to work on code injection in video games through the games’ own controls. Abstract During this project, we tried to answer the question: "can you inject code and take control of the execution of a video game just by using its gameplay elements?". The answer is "yes", and along the way we discovered the whole universe of tool-assisted speedruns and its community. From manually injecting Flappy Bird into Super Mario World to holding a Skype call via Zelda on a Super Nintendo Entertainment System, the range of possibilities is incredible. ...

March 14, 2021 · Mahé Tardy

Summer Internship: Reflexive Programming Language Framework

This internship was a collaboration between INP-ENSEEIHT, Toulouse, France and Kyoto University of Advanced Science, Kyoto, Japan. It took place during the summer of 2020, when the Covid-19 pandemic prevented me from going to Japan, so it was unfortunately a remote internship. You can find all the sources of the project in the GitHub repository. Abstract During this summer internship, Prof. Ian Piumarta and I implemented a prototype-based programming language, simple and reflexive by design. Programs written in this language can inspect themselves because the produced abstract syntax tree is stored in a common data structure. They can also extend the language’s functionality and modify its primitive structures using the language syntax itself. ...

November 30, 2020 · Mahé Tardy