"Pool Party" process injection techniques evade EDRs

SafeBreach researchers have discovered eight new process injection techniques, collectively dubbed "Pool Party", that abuse Windows thread pools to covertly execute malicious code on Windows systems.
Process injection is usually broken down into three primitives: allocating memory in the target process, writing to it, and executing what was written. To stymie EDRs, SafeBreach's Alon Leviev and his colleagues found a way to build the execution primitive out of the other two, so that the injected code runs as the result of a legitimate thread-pool action rather than an explicit remote-thread creation that an EDR would flag.
The problem, SafeBreach's Tomer Bar told Help Net Security, is that EDRs base their detection on the identity of the process that performs the action.
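To make the detection gap concrete, here is an added example (not SafeBreach's proof-of-concept code and not any vendor's EDR logic) in Python. It runs two toy rules over constructed cross-process API telemetry: one that only fires on an explicit execution primitive such as CreateRemoteThread, and one that correlates the allocate and write primitives per source/target process pair. The event line format, the PIDs and the API lists are assumptions made for illustration; the example does not model the thread-pool internals Pool Party uses, only the reason a rule keyed on the execution primitive never sees an injector that does not issue one.

```python
from collections import defaultdict

# Constructed sample telemetry (not real EDR output). Each line is
# "timestamp src_pid dst_pid api". Pair 4321->5555 allocates and writes
# into a remote process but never issues an execution primitive; pair
# 8888->9999 is a classic CreateRemoteThread injection for comparison.
SAMPLE_EVENTS = """\
1 1234 1234 VirtualAlloc
2 4321 5555 OpenProcess
3 4321 5555 VirtualAllocEx
4 4321 5555 WriteProcessMemory
5 4321 5555 WriteProcessMemory
6 7777 7777 VirtualAlloc
7 8888 9999 OpenProcess
8 8888 9999 VirtualAllocEx
9 8888 9999 WriteProcessMemory
10 8888 9999 CreateRemoteThread
"""

# Assumed API-to-primitive mapping; a real sensor would use its own event names.
ALLOC_OPS = {"VirtualAllocEx", "NtAllocateVirtualMemory"}
WRITE_OPS = {"WriteProcessMemory", "NtWriteVirtualMemory"}
EXEC_OPS = {"CreateRemoteThread", "NtCreateThreadEx", "QueueUserAPC", "SetThreadContext"}


def parse_events(text):
    """Parse the constructed line format into (ts, src_pid, dst_pid, api) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, api = line.split()
        events.append((int(ts), int(src), int(dst), api))
    return events


def exec_only_rule(events):
    """Naive rule: flag a (src, dst) pair only when a cross-process execution primitive is seen."""
    return {(src, dst) for _, src, dst, api in events if src != dst and api in EXEC_OPS}


def primitive_counts(events):
    """Count allocate/write/execute primitives per cross-process (src, dst) pair."""
    counts = defaultdict(lambda: {"alloc": 0, "write": 0, "exec": 0})
    for _, src, dst, api in events:
        if src == dst:
            continue  # memory operations on a process's own address space are routine
        if api in ALLOC_OPS:
            counts[(src, dst)]["alloc"] += 1
        elif api in WRITE_OPS:
            counts[(src, dst)]["write"] += 1
        elif api in EXEC_OPS:
            counts[(src, dst)]["exec"] += 1
    return dict(counts)


def primitive_rule(events):
    """Flag on the allocate+write pair itself, whether or not an execution primitive follows."""
    verdicts = {}
    for pair, c in primitive_counts(events).items():
        if c["alloc"] and c["write"]:
            if c["exec"]:
                verdicts[pair] = "classic injection: alloc+write+exec"
            else:
                verdicts[pair] = "alloc+write with no execution primitive"
    return verdicts


if __name__ == "__main__":
    ev = parse_events(SAMPLE_EVENTS)
    print("exec-only rule flags:", sorted(exec_only_rule(ev)))
    for pair, verdict in sorted(primitive_rule(ev).items()):
        print(f"{pair[0]} -> {pair[1]}: {verdict}")
```

Run as a script, the exec-only rule reports just the 8888 -> 9999 pair, while the primitive rule also reports 4321 -> 5555, the pair that behaves like a Pool Party injector. A production rule would additionally weigh the access rights requested on OpenProcess, the memory protection of the remote allocation and the identity of the target, but the structural point is the same: correlate the allocate and write primitives cross-process instead of waiting for an execution primitive that may never appear.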
Leviev presented the techniques at Black Hat Europe last week, and SafeBreach has published proof-of-concept code that can be used for further research and development.
SentinelOne confirmed that its products detect and, depending on policy settings, terminate this threat on devices protected by its solutions.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Tue, 12 Dec 2023 11:43:19 +0000


Cyber News related to "Pool Party" process injection techniques evade EDRs

New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - Breach and attack simulation firm SafeBreach has discovered eight new process injection techniques that leverage Windows thread pools to trigger malicious code execution as the result of legitimate actions. Dubbed Pool Party, the injection variants ...
1 year ago Securityweek.com
Bypassing major EDRs using Pool Party process injection techniques
1 year ago Securityaffairs.com