“Pool Party” process injection techniques evade EDRs

SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according to the researchers, they went undetected when tested against five leading EDR/XDR solutions, namely:

Source: Help Net Security