Dirty Vanity: A New Approach to Code Injection & EDR Bypass

Black Hat
This talk showcases yet another new code injection technique (I know, bear with me), nicknamed Dirty Vanity. This technique challenges current injection detection and prevention means while opening a wider spectrum of attacks that challenges common concepts of EDR TTPs. This technique abuses the lesser-known forking mechanism which is built in Windows operating systems. In the talk, we will cover the forking mechanism's internals, and common means to activate it...

By: Eliran Nissan

Full Abstract and Presentation Materials: https://www.blackhat.com/eu-22/briefings/schedule/#dirty-vanity-a-new-approach-to-code-injection--edr-bypass-28417
Published last year, on 1402/01/11.