"The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools"
The SafeBreach Labs team examined whether Windows thread pools could serve as a novel attack vector for process injection. They discovered eight new process injection techniques, dubbed Pool Party variants, that cause malicious code to execute as a consequence of an otherwise legitimate action. Because the techniques work across all processes without limitations, they are more adaptable than existing process injection techniques. When tested against five leading Endpoint Detection and Response (EDR) solutions, the techniques were found to be completely undetectable. The article goes on to discuss the research behind these new process injection techniques.
Submitted by grigby1