#WaitingThreadHijacking #ContextJail == Waitless Thread Hijacking. Algo: 1. Jail any running remote tgt thread with 99 jailers. 2. Read tgt stack. 3. RtlVirtualUnwind tgt thread to find ret address stack slot. 4. Apply ret address hijack and unjail tgt.

My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking
1. Pause thread midway in exploit races (even ⓪). 2. Or block entire CPU core. Kernel APCs run at APC_LEVEL (🤯), so thread scheduling kinda disabled (think priority == ∞). 3. Or build upon @hasherezade's work & enhance #WaitingThreadHijacking — making it, in fact, Waitless.
My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking
Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we introduce a new injection method that is based on this classic technique, but much stealthier: Waiting Thread Hijacking. Read more: research.checkpoint.com/2025…