CP Research Blog offers insights, tutorials, and updates on competitive programming, algorithms, and data structures. Covering topics such as coding competitions, problem-solving techniques, and algorithmic challenges, CP Research Blog provides resources for competitive programmers and coding enthusiasts. Developers can learn about mastering coding interviews, optimizing algorithmic solutions, and advancing their problem-solving skills through CP Research's blog posts and coding tutorials.

Check Point Research

Waiting Thread Hijacking (WTH) is a novel process injection technique designed to avoid triggering common Endpoint Detection & Response (EDR) system alerts. By hijacking the flow of dormant waiting threads, rather than creating new threads or overtly suspending/resuming existing ones, WTH offers a stealthier method of executing malicious code. The technique involves manipulating return addresses within system call wrappers of waiting threads, evading typical defensive measures that monitor for known suspicious API calls. This approach allows concealed execution of payloads while minimizing detection risks.

Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking

What Problems Waiting Thread Hijacking Solves?