The presentation discusses new malicious fiber execution techniques, including callstack masking and injecting payloads into dormant fibers, to evade detection by security tools.
- New techniques such as Phantom Thread and Poison Fiber improve on existing malicious fiber methods by hiding malicious activity from detection mechanisms.
- Phantom Thread masquerades fibers as threads to avoid memory scans targeting fibers.
- Poison Fiber injects payloads into dormant fibers, enabling remote code execution without suspending threads.
- Fibers, although less common in modern computing, provide a stealthy way to execute malicious code because security tools often overlook them.
- Traditional detection mechanisms in EDR platforms and antivirus engines tend to ignore fibers, making them an attractive avenue for attackers.