SafeBreach has discovered eight new process injection techniques that use Windows thread pools to detect malicious code execution.
The company used Pool Party variants across all processes and detected techniques through endpoint detection and response (EDR) solutions.
Businesses can use process injection, which works in three steps: it allocates memory in the target process, writes malicious code to the allocated memory, and executes that code.
Using the technique, the company discovered that the Windows user-mode thread pool represents a specific area for process injection. Hence, through the process injection, SafeBreach achieved a 100% success rate in preventing Pool Party attacks.
Read More: New ‘Pool Party’ Process Injection Techniques Undetected by EDR Solutions