Articles tagged with: #detection-engineering
Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter

Technical Information Security Content & Discussion www.reddit.com

EDR-Redir uses a Bind Filter (the bindflt.sys minifilter) and the Windows Cloud Filter API (cldflt.sys) to redirect the Endpoint Detection and Response (EDR) product's working folder to a folder of the attacker's choice. Alternatively, it can make the folder appear corrupt to prevent the EDR's service processes from functioning.

Built a clean BIN lookup site to help identify card issuers and origins

cybersecurity www.reddit.com

I was looking for a quick way to check which bank or country a card comes from and most of the tools I found were either slow or full of ads. So I made a simple lookup site: https://www.binsearchlookup.com It shows useful data such as:
- Type
- Brand
- Issuer
- Category
- Country
- Bank website and contact information
It also supports an API for anyone who needs to automate checks or integrate it into their workflow. If you work in OSINT, fraud detection, or payment security, I would appreciate...

Agenda Ransomware Actors Deploying Linux RAT on Windows Systems Targeting VMware Deployments

Cyber Security News cybersecuritynews.com

Cybersecurity researchers have uncovered a sophisticated ransomware campaign where Agenda group threat actors are deploying Linux-based ransomware binaries directly on Windows systems, targeting VMware virtualization infrastructure and backup environments. This cross-platform execution technique challenges traditional security assumptions and demonstrates how ransomware operators are adapting to bypass endpoint detection systems that primarily focus on Windows-native threats.

New Malware Attack Using Variable Functions and Cookies to Evade and Hide Their Malicious Scripts

Cyber Security News cybersecuritynews.com

A sophisticated malware campaign targeting WordPress sites has emerged, utilizing PHP variable functions and cookie-based obfuscation to evade traditional security detection mechanisms. The attack represents an evolution in obfuscation techniques, where threat actors fragment malicious code across multiple HTTP cookies and dynamically reconstruct executable functions at runtime. This approach makes static analysis significantly more challenging,
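The obfuscation pattern described above (payload split across cookies, glued back together, then invoked through a PHP variable function such as `$fn($payload)`) is what a static scanner should be looking for. The following is an added example, not code from the article or from the malware: a small Python taint heuristic that reads PHP source line by line, tracks variables assigned from `$_COOKIE`, and flags cookie-fragment concatenation and tainted variables used as callables. The two PHP snippets are constructed samples written for this example.

```python
import re

# Constructed sample modelled on the pattern the article describes: the payload
# is split across several cookies, glued back together with ".", and invoked
# through a PHP variable function ($name(...)). Not real malware.
MALICIOUS_PHP = r"""<?php
$p = $_COOKIE['p1'];
$p .= $_COOKIE['p2'] . $_COOKIE['p3'];
$fn = $_COOKIE['fn'];
$fn($p);
"""

# Constructed benign sample: reads a cookie but never turns it into code.
BENIGN_PHP = r"""<?php
$lang = $_COOKIE['lang'] ?? 'en';
echo htmlspecialchars($lang);
"""

ASSIGN = re.compile(r"^\s*\$(\w+)\s*(\.?=)\s*(.+?);")       # $var = ...;  or  $var .= ...;
COOKIE_REF = re.compile(r"\$_COOKIE\s*\[")                   # any read from $_COOKIE
COOKIE_CONCAT = re.compile(r"\$_COOKIE\s*\[[^\]]+\]\s*\.")   # $_COOKIE[...] . <more>
VAR_FUNC_CALL = re.compile(r"\$(\w+)\s*\(")                  # $name(...) variable function
DYN_CALL = re.compile(r"\b(eval|assert|call_user_func(?:_array)?|create_function)\s*\(")


def _mentions(var, text):
    """True if the PHP variable $var appears in text."""
    return re.search(r"\$%s\b" % re.escape(var), text) is not None


def scan_php(source):
    """Return (line_number, reason) findings for cookie-driven code construction.

    Single-pass, line-oriented taint heuristic: variables assigned from
    $_COOKIE (directly or via another tainted variable) are tracked, and a
    finding is raised when cookie fragments are concatenated, when a tainted
    variable is used as a function name, or when cookie-derived data reaches
    a dynamic-execution function.
    """
    findings = []
    tainted = set()
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            name, op, rhs = m.groups()
            if COOKIE_REF.search(rhs) or any(_mentions(v, rhs) for v in tainted):
                tainted.add(name)
                if op == ".=" or COOKIE_CONCAT.search(rhs):
                    findings.append((lineno, "cookie fragments concatenated into $" + name))
        for call in VAR_FUNC_CALL.finditer(line):
            if call.group(1) in tainted:
                findings.append((lineno, "tainted variable $%s used as a function name" % call.group(1)))
        if DYN_CALL.search(line) and (COOKIE_REF.search(line) or any(_mentions(v, line) for v in tainted)):
            findings.append((lineno, "cookie-derived data passed to a dynamic-execution function"))
    return findings


if __name__ == "__main__":
    for label, src in (("malicious", MALICIOUS_PHP), ("benign", BENIGN_PHP)):
        print(label, scan_php(src))
```

The heuristic is deliberately line-local, so it will miss fragments that are reassembled across includes or through string functions such as `implode()`; the point is that the signal worth hunting for is cookie data flowing into a callable, not any particular function name, which is exactly why signature lists of known function names miss this family.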

BTL1 vs CJDE - Which one should I take to upskill as a SOC Engineer? Any other certs worth considering?

cybersecurity www.reddit.com

Hey everyone, I recently started my first job as a SOC Engineer - in my country, they accept entry-level candidates for cybersecurity roles, so I was lucky enough to get in early. My current focus at work is mainly on the detection side - fine-tuning and creating detection rules for our SIEM. Now, my company is sponsoring me for a certification, and I'm currently torn between BTL1 and the newly released CJDE. I want to use this opportunity to upskill and strengthen my SOC engineering...

Shifting from reactive to proactive: Cyber resilience amid nation-state espionage

CyberScoop cyberscoop.com

In recent years, the cybersecurity industry has made significant strides in securing endpoints with advanced Endpoint Detection and Response (EDR) solutions, and we have been successful in making life more difficult for our adversaries. While this progress is a victory, it has also produced a predictable and dangerous consequence where threat actors are shifting their

New PDF Tool to Detect Malicious PDF Using PDF Object Hashing Technique

Cyber Security News cybersecuritynews.com

A new open-source tool called PDF Object Hashing is designed to detect malicious PDFs by analyzing their structural "fingerprints." Released by Proofpoint, the tool empowers security teams to create robust threat detection rules based on unique object characteristics in PDF files. This innovation addresses the growing reliance of threat actors on PDFs for delivering malware,
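To make the idea of a structural "fingerprint" concrete, here is an added Python example (not Proofpoint's tool and not its feature set, which the snippet does not spell out): it walks every `N G obj ... endobj` block of a PDF, records the object's `/Type` (or Stream/Dict when untyped) together with any capability-bearing names it contains, and hashes that sequence. Two documents whose JavaScript payloads differ but whose object layout is the same hash identically, while a plain one-page document does not. The PDFs are constructed inline for the example and the `INTERESTING` name list is an assumption chosen for illustration.

```python
import hashlib
import re

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
TYPE_RE = re.compile(rb"/Type\s*/([A-Za-z]+)")
NAME_RE = re.compile(rb"/([A-Za-z]+)")

# Name tokens that change what a document can *do*; their presence in an
# object becomes part of its signature. This list is an assumption for the
# example, not the feature set of the Proofpoint tool.
INTERESTING = {b"OpenAction", b"AA", b"JS", b"JavaScript", b"Launch", b"URI",
               b"EmbeddedFile", b"AcroForm", b"XFA"}


def object_signatures(pdf):
    """One signature per object, in file order: /Type (or Stream/Dict) plus interesting names."""
    sigs = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(3)
        t = TYPE_RE.search(body)
        if t:
            kind = t.group(1).decode()
        elif b"stream" in body:
            kind = "Stream"
        else:
            kind = "Dict"
        keys = sorted({n.decode() for n in NAME_RE.findall(body) if n in INTERESTING})
        sigs.append(kind + ("[" + "+".join(keys) + "]" if keys else ""))
    return sigs


def object_hash(pdf):
    """SHA-256 over the signature sequence: the file's structural fingerprint.

    Content bytes (text, image data, the JavaScript string itself) do not
    enter the hash, so payload rewrites do not change it; a new object type
    or a new action key does.
    """
    return hashlib.sha256(",".join(object_signatures(pdf)).encode()).hexdigest()


def build_pdf(extra_objs=b"", catalog_extra=b""):
    """Assemble a minimal, constructed one-page PDF for the example (not a real sample)."""
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R " + catalog_extra + b" >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
            + extra_objs +
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


BENIGN_PDF = build_pdf()
JS_PDF = build_pdf(b"4 0 obj << /S /JavaScript /JS (app.alert('x')) >> endobj\n",
                   b"/OpenAction 4 0 R")
JS_PDF_VARIANT = build_pdf(b"4 0 obj << /S /JavaScript /JS (app.alert('other payload')) >> endobj\n",
                           b"/OpenAction 4 0 R")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF), ("js", JS_PDF), ("js-variant", JS_PDF_VARIANT)):
        print(label, object_signatures(doc), object_hash(doc)[:16])
```

A real implementation would use a proper PDF parser (object streams, cross-reference streams and incremental updates all defeat the regex above), but the detection logic stays the same: write rules against the signature sequence or its hash rather than against payload bytes, so that a campaign's template is caught even after the lure text and script are swapped.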

SharkStealer Uses EtherHiding Pattern to Resolve Communications With C2 Channels

Cyber Security News cybersecuritynews.com

A sophisticated information-stealing malware written in Golang has emerged, leveraging blockchain technology to establish covert command-and-control channels. SharkStealer represents a significant evolution in malware design, utilizing the BNB Smart Chain Testnet as a resilient dead-drop resolver for its C2 infrastructure. This novel approach demonstrates how threat actors exploit Web3 technologies to evade traditional detection mechanisms

PhantomLint: Principled Detection of Hidden LLM Prompts in Structured Documents

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.17884v2 Announce Type: replace Abstract: Hidden LLM prompts have appeared in online documents with increasing frequency. Their goal is to trigger indirect prompt injection attacks while remaining undetected from human oversight, to manipulate LLM-powered automated document processing systems, against applications as diverse as résumé screeners through to academic peer review processes. Detecting hidden LLM prompts is therefore important for ensuring trust in AI-assisted human...

CRAFT: Characterizing and Root-Causing Fault Injection Threats at Pre-Silicon

cs.CR updates on arXiv.org arxiv.org

arXiv:2503.03877v4 Announce Type: replace Abstract: Fault injection attacks (FIA) pose significant security threats to embedded systems as they exploit weaknesses across multiple layers, including system software, instruction set architecture (ISA), microarchitecture, and physical hardware. Early detection and understanding of how physical faults propagate to system-level behavior are essential to safeguarding cyberinfrastructure. This work introduces CRAFT, a framework that combines...

Machine Learning-Based Localization Accuracy of RFID Sensor Networks via RSSI Decision Trees and CAD Modeling for Defense Applications

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.20019v1 Announce Type: cross Abstract: Radio Frequency Identification (RFID) tracking may be a viable solution for defense assets that must be stored in accordance with security guidelines. However, poor sensor specificity (vulnerabilities include long range detection, spoofing, and counterfeiting) can lead to erroneous detection and operational security events. We present a supervised learning simulation with realistic Received Signal Strength Indicator (RSSI) data and Decision Tree...

Deep Sequence-to-Sequence Models for GNSS Spoofing Detection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.19890v1 Announce Type: new Abstract: We present a data generation framework designed to simulate spoofing attacks and randomly place attack scenarios worldwide. We apply deep neural network-based models for spoofing detection, utilizing Long Short-Term Memory networks and Transformer-inspired architectures. These models are specifically designed for online detection and are trained using the generated dataset. Our results demonstrate that deep learning models can accurately...

Cyberattack Detection in Critical Infrastructure and Supply Chains

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.19859v1 Announce Type: new Abstract: Cyberattack detection in Critical Infrastructure and Supply Chains has become challenging in Industry 4.0. Intrusion Detection Systems (IDS) are deployed to counter the cyberattacks. However, an IDS effectively detects attacks based on known signatures and patterns; zero-day attacks go undetected. To overcome this drawback in IDS, the integration of a Dense Neural Network (DNN) with Data Augmentation is proposed. It makes IDS intelligent and...

SSL C2 bypassing EDR - Demo of SIEM detection + Detection as Code deployment

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hey everyone, I put together a video showing something I think many blue teams deal with: encrypted C2 traffic sailing right past EDR. In the demo, I run an SSL C2 connection that the EDR completely misses, then show how to detect it using SIEM. The second half covers building a detection rule and pushing it to the SIEM via a Detection-as-Code pipeline. What's covered:
- Using indicators in SIEM to spot the C2 sample
- Writing the detection logic
- Automating rule deployment with a DaC pipeline...
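The post does not say which indicators its rule keys on, so the following is an added example rather than the poster's rule: one detection a SIEM can run against TLS connection metadata without decrypting anything, namely the regularity of callback timing. It groups connections by (source, destination, SNI), computes the coefficient of variation of the gaps between them, and flags flows that are both frequent and nearly periodic. The connection log is constructed for the example and uses documentation IP ranges; the thresholds are assumptions to be tuned per environment. Written as a plain Python function with assertions, it is also the shape a Detection-as-Code pipeline wants: the rule and its unit test live together in the repo and are exercised before deployment.

```python
import statistics
from collections import defaultdict

# Constructed connection log (not from the video): "epoch src dst:port sni".
# Host 10.0.0.5 browses cdn.example at irregular intervals and, separately,
# calls back to 198.51.100.7 about once a minute with a few seconds of jitter.
CONN_LOG = """\
1000 10.0.0.5 203.0.113.10:443 cdn.example
1000 10.0.0.5 198.51.100.7:443 updates.example
1003 10.0.0.5 203.0.113.10:443 cdn.example
1043 10.0.0.5 203.0.113.10:443 cdn.example
1045 10.0.0.5 203.0.113.10:443 cdn.example
1061 10.0.0.5 198.51.100.7:443 updates.example
1119 10.0.0.5 198.51.100.7:443 updates.example
1165 10.0.0.5 203.0.113.10:443 cdn.example
1172 10.0.0.5 203.0.113.10:443 cdn.example
1180 10.0.0.5 198.51.100.7:443 updates.example
1242 10.0.0.5 198.51.100.7:443 updates.example
1299 10.0.0.5 198.51.100.7:443 updates.example
1360 10.0.0.5 198.51.100.7:443 updates.example
1421 10.0.0.5 198.51.100.7:443 updates.example
1472 10.0.0.5 203.0.113.10:443 cdn.example
1473 10.0.0.5 203.0.113.10:443 cdn.example
1479 10.0.0.5 198.51.100.7:443 updates.example
1518 10.0.0.5 203.0.113.10:443 cdn.example
1533 10.0.0.5 203.0.113.10:443 cdn.example
"""


def parse_conn_log(text):
    """Yield (timestamp, src, dst, sni) tuples from the whitespace-separated log."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, sni = line.split()
            yield float(ts), src, dst, sni


def beacon_candidates(text, min_conns=8, max_cv=0.15):
    """Detection rule: flag flows whose inter-connection gaps are nearly constant.

    min_conns: connections needed before timing statistics mean anything.
    max_cv:    jitter tolerance, stdev(gaps) / mean(gaps). 0.15 accepts a few
               seconds of jitter on a one-minute beacon but rejects browsing.
    Both values are assumptions for this example; tune them on your own data.
    """
    flows = defaultdict(list)
    for ts, src, dst, sni in parse_conn_log(text):
        flows[(src, dst, sni)].append(ts)

    hits = []
    for (src, dst, sni), times in flows.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # all connections at the same second: a burst, not a beacon
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "sni": sni,
                         "connections": len(times),
                         "period_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(CONN_LOG):
        print("beacon candidate:", hit)
```

The rule keys only on metadata the SIEM already has from proxy, firewall or Zeek `conn` logs, so TLS does not hide it; the usual counter is long random sleeps, which is why the window and the `max_cv` tolerance should be tuned together and the result treated as a hunting lead rather than a high-confidence alert.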

Deconstructing "Wmiexec-Pro"

Detect FYI - Medium detect.fyi

I recently ran a Kali VM against a Windows test host and instrumented the target with Procmon and WMI/Windows logs to see how a new WMI-native post-exploitation tool - Wmiexec-Pro - behaves. The source code revealed several execution and persistence techniques that avoid SMB and Win32_Process, and that open new, practical detection opportunities. This post walks through the important modules, what they do, and the concrete telemetry you can hunt for. Executive Summary Wmiexec-Pro is a...

Hunting in the Dark: Metrics for Early Stage Traffic Discovery

cs.CR updates on arXiv.org arxiv.org

arXiv:2507.05213v2 Announce Type: replace Abstract: Threat hunting is an operational security process where an expert analyzes traffic, applying knowledge and lightweight tools on unlabeled data in order to identify and classify previously unknown phenomena. In this paper, we examine threat hunting metrics and practice by studying the effect that detecting Crackonosh, a cryptojacking malware package, has on various metrics for identifying its behavior. Using a metric for discoverability, we model the...

Unfair Mistakes on Social Media: How Demographic Characteristics influence Authorship Attribution

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.19708v1 Announce Type: cross Abstract: Authorship attribution techniques are increasingly being used in online contexts such as sock puppet detection, malicious account linking, and cross-platform account linking. Yet, it is unknown whether these models perform equitably across different demographic groups. Bias in such techniques could lead to false accusations, account banning, and privacy violations disproportionately impacting users from certain demographics. In this paper, we...

FidelityGPT: Correcting Decompilation Distortions with Retrieval Augmented Generation

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.19615v1 Announce Type: cross Abstract: Decompilation converts machine code into human-readable form, enabling analysis and debugging without source code. However, fidelity issues often degrade the readability and semantic accuracy of decompiled output. Existing methods, such as variable renaming or structural simplification, provide partial improvements but lack robust detection and correction, particularly for complex closed-source binaries. We present FidelityGPT, a framework that...

Can You Trust What You See? Alpha Channel No-Box Attacks on Video Object Detection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.19574v1 Announce Type: cross Abstract: As object detection models are increasingly deployed in cyber-physical systems such as autonomous vehicles (AVs) and surveillance platforms, ensuring their security against adversarial threats is essential. While prior work has explored adversarial attacks in the image domain, those attacks in the video domain remain largely unexamined, especially in the no-box setting. In this paper, we present α-Cloak, the first no-box adversarial...