December 11, 2023 at 01:18AM
A new set of process injection techniques called PoolParty was presented at Black Hat Europe 2023. These techniques achieve code execution on Windows while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev highlighted their ability to work against any process, which makes them more flexible than existing techniques. PoolParty achieved a 100% success rate against popular EDR solutions. This release follows the disclosure of another process injection technique, Mockingjay, and underscores the ongoing need for proactive defense against evolving threats.
Key takeaways:
– A new collection of process injection techniques named PoolParty was presented at the Black Hat Europe 2023 conference.
– PoolParty is capable of evading endpoint detection and response (EDR) systems and achieving code execution in Windows systems.
– It abuses the Windows user-mode thread pool to insert code into a target process, taking control of the process's worker factories and the worker threads they manage.
– PoolParty has been found to achieve a 100% success rate against popular EDR solutions.
– This discovery comes on the heels of another process injection technique, Mockingjay, which could also bypass security solutions.
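The bullets above describe the injection primitive as cross-process control of a target's thread-pool worker factories. One defender-side check that follows from that description is to review handle-audit data for processes holding handles to worker-factory objects that belong to a different process. The script below is an added example, not code from SafeBreach or from the PoolParty research: it parses a constructed CSV of handle records (owner PID, owner image, PID of the process the object belongs to, kernel object type name) and reports cross-process worker-factory handles. The object type name `TpWorkerFactory` is the Windows kernel object type for thread-pool worker factories; the page itself does not name it, and the record format and sample rows are assumptions made for this example.

```python
"""Flag cross-process handles to thread-pool worker-factory objects.

Added example for defenders: a worker factory normally only has handles held
by the process that owns it, so a handle to another process's worker factory
is a signal worth reviewing in the context of thread-pool-based injection.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Windows kernel object type name for thread-pool worker factories.
WORKER_FACTORY_TYPE = "TpWorkerFactory"


@dataclass(frozen=True)
class HandleRecord:
    owner_pid: int      # process that holds the handle
    owner_image: str    # image name of the holding process
    target_pid: int     # process the kernel object belongs to
    object_type: str    # kernel object type name, e.g. "TpWorkerFactory"


def parse_records(lines: Iterable[str]) -> List[HandleRecord]:
    """Parse 'owner_pid,owner_image,target_pid,object_type' lines (assumed format)."""
    records = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        owner_pid, owner_image, target_pid, object_type = (f.strip() for f in line.split(","))
        records.append(HandleRecord(int(owner_pid), owner_image, int(target_pid), object_type))
    return records


def find_cross_process_worker_factory_handles(records: Iterable[HandleRecord]) -> List[HandleRecord]:
    """Return worker-factory handles whose holder is not the owning process.

    Same-process handles are expected (every thread-pool user has one); only
    handles that reach into a different process are reported.
    """
    return [
        r for r in records
        if r.object_type == WORKER_FACTORY_TYPE and r.owner_pid != r.target_pid
    ]


def summarize(findings: Iterable[HandleRecord]) -> List[str]:
    """Produce one human-readable line per finding for a triage queue."""
    return [
        f"pid {f.owner_pid} ({f.owner_image}) holds a {f.object_type} handle "
        f"belonging to pid {f.target_pid}"
        for f in findings
    ]


# Constructed sample audit data, not real system output.
SAMPLE_LOG = """\
# owner_pid,owner_image,target_pid,object_type
4012,notepad.exe,4012,TpWorkerFactory
4012,notepad.exe,4012,Event
7788,updater.exe,7788,TpWorkerFactory
7788,updater.exe,4012,TpWorkerFactory
7788,updater.exe,4012,Process
"""


def run_sample() -> List[str]:
    """Parse the constructed log and return the triage lines for it."""
    return summarize(find_cross_process_worker_factory_handles(parse_records(SAMPLE_LOG.splitlines())))


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

In the constructed data, `notepad.exe` and `updater.exe` each hold a handle to their own worker factory, which is ordinary and is not reported; only the handle that `updater.exe` holds to `notepad.exe`'s worker factory is flagged. The companion `Process` handle in the same row set is the kind of context a responder would check next, since opening the target process precedes acquiring its objects.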
The report underscores the ongoing challenge posed by process injection techniques that evade detection and the need for proactive defense against evolving threats.