Using new syscalls for read/write arbitrary memory on Linux.
Even though well known methods exist to bypass ptrace deactivation on a process when spawning (fake ptrace() preloading, breakpoint on ptrace(), etc... ), it is trickier when process is already protected. Thankfully Linux 3.2+ was generous enough...