all InfoSec news
“Pool Party” process injection techniques evade EDRs
Help Net Security www.helpnetsecurity.com
SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according to the researchers, they went undetected when tested against five leading EDR/XDR solutions, namely: Palo Alto Cortex, SentinelOne EDR, CrowdStrike Falcon, Microsoft Defender For Endpoint, and Cybereason EDR. “Pool Party” process injection techniques “Process injection … More
The post …
code crowdstrike cybereason don't miss edr edrs endpoint security evade hot stuff injection malicious microsoft palo alto networks party poc pool party process processes process injection research researchers safebreach sentinelone solutions systems techniques threat detection undetected windows work xdr