Researchers from the cybersecurity firm SafeBreach have developed a new attack vector called Pool Party, which allows bypassing EDR solutions. This new process injection technique was presented at Black Hat Europe 2023 and relies on Windows thread pools to execute malicious operations without being detected by EDR solutions. SafeBreach reports a 100% success rate in bypassing major EDR solutions such as Palo Alto Cortex, SentinelOne EDR, CrowdStrike Falcon, Microsoft Defender for Endpoint, and Cybereason EDR. SafeBreach warns that sophisticated threat actors will continue to explore new and innovative methods for process injection, and that security tool vendors and practitioners must be proactive in their defense against them.

Fabio

Full Stack Developer
