The paper discusses how malware and malicious actors use built-in capabilities for process injection to compromise Linux OS security and evade detection by security tools. It highlights the importance of using eBPF for observing process injection and offers insights on detecting and preventing this threat to system integrity and data security.
https://www.sans.org/white-papers/run-cannot-hide-process-memory-observing-process-injection-ebpf-linux