Guido Miggelenbrink introduces the new Early Cascade Injection technique in this blog post. This stealthy process injection technique targets the user-mode part of process creation, combining elements of Early Bird APC Injection and EDR-Preloading to avoid detection by top-tier EDRs. The post walks through Windows process creation, highlighting the functions involved and the split between its user-mode and kernel-mode parts. The Early Bird APC Injection technique, discovered by Cyberbit, is also discussed, outlining how it injects code early in the process's lifetime to evade EDR detection measures. The EDR-Preloading technique, inspired by Marcus Hutchins, is briefly explained as a way to prevent EDRs from loading their user-mode detection measures during process creation.
https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection/