You Can Run but You Cannot Hide (In Process Memory): Observing Process Injection with eBPF in Linux

Use of built-in capabilities for injecting malicious code as a persistence technique is used by malware and malicious actors to compromise the security of Linux operating systems and evade detection by security tooling and threat hunters.
Melissa Bischoping
May 3, 2024

All papers are copyrighted. No re-posting of papers is permitted