This talk showcases yet another new code injection technique (I know, bear with me), nicknamed Dirty Vanity. This technique challenges current injection detection and prevention means while opening a wider spectrum of attacks that challenges common concepts of EDR TTPs. This technique abuses the lesser-known forking mechanism which is built in Windows operating systems. In the talk, we will cover the forking mechanism's internals, and common means to activate it...
By: Eliran Nissan
Full Abstract and Presentation Materials: www.blackhat.com/eu-22/briefi...
30 мар 2023
