Aether: Engineering a Cross-Architecture Linux Process Injector

Process injection on Linux is often treated as a solved problem. Yet, many modern tools remain architecture-locked or are easily flagged by basic heuristic analysis. This session introduces Aether, a Linux process injection framework designed for today’s landscape. We will deep-dive into the technical hurdles of building a tool that handles both 32-bit and 64-bit processes seamlessly. Aether utilizes ptrace for attachment and PLT (Procedure Linkage Table) hooking for precise function interception. The talk goes beyond the basics by exploring a "Polyglot" approach to offensive tooling. We will demonstrate how wrapping a performance-heavy C/C++ injection core within a Rust-based FFI (Foreign Function Interface) tunnel creates a "safe" but powerful parasite. This hybrid architecture increases exploit stability. It also complicates the work of reverse engineers by fragmenting the call stack across language boundaries. Attendees will walk away with a functional understanding of Linux runtime code modification, the state of modern PLT hooking, and a roadmap for "oxidizing" legacy C++ tools to stay ahead of evolving detection engines.

Presented at Security Fest 2026.

Speaker: Lora

About Lora

Hey, I'm Lora. I build tools that live in other people’s memory space. I’m a Linux security researcher and the developer of Aether, a 32/64-bit process injection framework. My recent work involves weaponizing Rust’s safety features to create more stable and undetectable C++ hybrids. I’m here to show you how process injection is evolving on Linux and why the future of offensive tooling is polyglot.

 