Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

June 28, 2024 at 01:26AM Water Sigbin uses reflective DLL loading and process injection to deploy the PureCrypter loader and the XMRig cryptominer after exploiting vulnerabilities in Oracle WebLogic servers. Fileless execution via PowerShell scripts evades disk-based detection, while .NET Reactor protection obfuscates the code. The threat actor employs multiple advanced tactics, emphasizing the need …

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

December 11, 2023 at 01:18AM A new set of process injection techniques called PoolParty was presented at Black Hat Europe 2023. These techniques allow code execution on Windows while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev highlighted their ability to work across all processes, making them more flexible than existing techniques. PoolParty …

New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions

December 7, 2023 at 08:54AM ‘Pool Party’ is a collection of eight novel Windows process injection methods that escape detection by endpoint detection and response (EDR) tools. Takeaways from the meeting notes: 1. “Pool Party” is the name given to a new collection of eight Windows process injection techniques. 2. These techniques are capable …