You Can Run but You Cannot Hide (In Process Memory): Observing Process Injection with eBPF in Linux
Malware and malicious actors use built-in capabilities to inject malicious code as a persistence technique, compromising the security of Linux operating systems and evading detection by security tooling and threat hunters.