Early Cascade Injection: From Windows process creation to stealthy injection


Get an introduction to Early Cascade Injection, a novel process injection technique that is effective against top-tier EDRs while avoiding detection.

Techniques like this are becoming increasingly important as Microsoft gradually restricts third-party access to the kernel, forcing EDR detection measures to move from kernel mode to user mode. The Loader Lock is acquired each time a function needs access to the module database (PEB_LDR_DATA), which is involved in tasks such as DLL loading, unloading, and thread creation [9]. Because Early Cascade Injection takes a novel approach, its call pattern is less likely to be recognized by security products, which reduces the risk of detection.
