We'll use machine learning to perform anomaly detection on system calls to instrument the behavior of a process, namely an EDR such as Crowdstrike. Beginning with a primer on eBPF and unsupervised learning, we'll deploy an eBPF program to monitor a process; letting us uncover precisely what makes it tick so that we can craft our malware and attack strategies accordingly. We'll pass all this data through machine learning tools such as Tensorflow, and use the outputs to guide our decision making. Later we'll cover other use-cases in this exciting new area of technology for defense, offense and reversing - the possibilities are near endless!