homepage
Open menu
Contact Sales

You Can Run but You Cannot Hide (In Process Memory): Observing Process Injection with eBPF in Linux

Use of built-in capabilities for injecting malicious code as a persistence technique is used by malware and malicious actors to compromise the security of Linux operating systems and evade detection by security tooling and threat hunters.
By
Melissa Bischoping
May 3, 2024
Download

All papers are copyrighted. No re-posting of papers is permitted

470x382_Generic_Whitepaper.jpg

Related Content

Blog
DFIR - Blog - Defending Against SCATTERED SPIDER and The Com with Cybercrime Intelligence_340 x 340.jpg
Digital Forensics, Incident Response & Threat Hunting
Defending Against SCATTERED SPIDER and The Com with Cybercrime Intelligence
Due to the notoriety SCATTERED SPIDER and The Com have attracted as prolific cybercriminal threats, law enforcement has been tracking them closely.
Will_Thomas_370x370.png
Will Thomas
read more
Blog
DFIR - Blog - The Importance of Cyber Threat Intelligence- Insights from Recent Nobelium Attacks_340 x 340.jpg
Digital Forensics, Incident Response & Threat Hunting
The Importance of Cyber Threat Intelligence: Insights from Recent Nobelium Attacks
The persistent and sophisticated attacks by Nobelium highlight the critical role of cyber threat intelligence.
DFIR_ICON_(1).PNG
SANS DFIR
read more
Blog
ics blog image.png
Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting
A Visual Summary of SANS ICS Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS ICS Security Summit 2024
370x370-person-placeholder.png
Alison Kim
read more