Articles tagged with: #edr
Can we prevent EDR evasion using agentic AI

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hi, my boss assigned me a blog topic on how to detect EDR evasion using agentic AI, and while I understand the concept, I'm struggling to find sufficient resources to support my ideas. Can anyone recommend reliable sources or explain the architecture for this and how it would function in a real-life case, such as the EDR evasion used by Conti or any other? submitted by /u/payload-saint

Crypto24 Ransomware Campaign Analysis

cybersecurity www.reddit.com

Crypto24 has been active since late 2023, evolving into a mature operation against large enterprises in Asia, Europe, and the US. Recent analysis shows: persistence through scheduled tasks, fake Windows services, and privileged account creation; privilege escalation via runas, PsExec, and group modifications; deployment of a custom tool ("RealBlindingEDR") to disable major AV/EDR drivers; lateral movement with PsExec, RDP registry tweaks, firewall rules, and IP scanning; keylogging via...

New Obex Tool Blocks EDR Dynamic Libraries From Loading at Runtime

Cyber Security News cybersecuritynews.com

A new proof-of-concept (PoC) tool named Obex has been released, offering a method to prevent Endpoint Detection and Response (EDR) and other monitoring solutions' dynamic-link libraries (DLLs) from loading into processes. The tool, created by a researcher known as "dis0rder0x00," is designed to block specified DLLs both during the initial startup of a process and

RingReaper uses io_uring to stealthily bypass EDR detection

cybersecurity www.reddit.com

Linux post-exploitation agent that uses io_uring to stealthily bypass EDR detection by avoiding traditional syscalls. https://github.com/MatheuZSecurity/RingReaper RingReaper is a post-exploitation agent for Linux designed for those who need to operate stealthily, minimizing the chances of being detected by EDR solutions. The idea behind this project was to leverage io_uring, the new asynchronous I/O interface in the Linux kernel, specifically to avoid traditional system calls that most EDRs...

Recommendations for better positioning within my career?

cybersecurity www.reddit.com

Hello, quick intro: I transitioned from retail after 10 years into an IT Help Desk role back in November 2024. Since then, I took over the "mundane" security stuff: investigating phishing emails, EDR log monitoring, network security monitoring with a DNS security platform, and whatever else may pop up. I have loved every minute of doing this and would love to specialize my skills and fit into a blue team role, with the end goal of becoming a threat hunter or incident responder. I am typically the...

From on-prem to AWS control plane: real-world ransomware tactics and lessons

cybersecurity www.reddit.com

We recently triaged an incident where a ransomware group pivoted into the AWS control plane using stolen access keys and the Pacu framework. Here's a quick recap and what helped: What happened: Keys tied to two users were abused to run Pacu modules against multiple accounts. We traced activity via CloudTrail (API patterns + source IPs) and identified a common foothold: a Veeam backup server that stored both key sets. Why it matters: EDR on instances won't see control-plane abuse; you need API...

Hackers Can Bypass EDR by Downloading a Malicious File as an In-Memory PE Loader

Cyber Security News cybersecuritynews.com

A sophisticated technique that allows attackers to execute malicious code directly in memory is gaining traction, posing a significant challenge to modern Endpoint Detection and Response (EDR) solutions. This method, which involves an in-memory Portable Executable (PE) loader, enables a threat actor to run an executable within an already trusted process, effectively bypassing security checks

Anyone here actually using 24/7 EDR for both devices and networking gear?

cybersecurity www.reddit.com

Hey everyone, Are any of you running 24/7 EDR not just for laptops/desktops, but also for things like routers or networking gear? I've seen more vendors offer full coverage across endpoints and the network side, but I'm wondering how realistic or helpful that actually is day to day. Especially in smaller or mid-sized environments. Are you seeing real value from the 24/7 part (like faster response times, peace of mind, etc.), or is it mostly overkill unless you're a huge org? Thanks submitted by...

Experience Loop??

cybersecurity www.reddit.com

I have been working in the cybersecurity field for about a year now as an Abuse Mitigation and Compliance Associate. While it is somewhat related to cybersecurity, it doesn't fully align with the type of work I want to do. That's why I am actively looking for a new role. I am continuously upskilling - I have completed CEH v13, SOC-1, Pre-Cybersecurity, and Cybersecurity 101 on TryHackMe. I am also working on improving my proficiency in EDR, Splunk, and Forensics. My goal right now is to at...

EDR freeze

CrowdStrike www.reddit.com

Kindly suggest CQL for an EDR-Freeze SIEM use case, as referred to in the article below: https://www.zerosalarium.com/2025/09/EDR-Freeze-Puts-EDRs-Antivirus-Into-Coma.html submitted by /u/vyasarvenkat

New EDR-Freeze Tool That Puts EDRs and Antivirus Into A Coma State

Cyber Security News cybersecuritynews.com

A new proof-of-concept tool named EDR-Freeze has been developed, capable of placing Endpoint Detection and Response (EDR) and antivirus solutions into a suspended "coma" state. According to Zero Salarium, the technique leverages a built-in Windows function, offering a stealthier alternative to the increasingly popular Bring Your Own Vulnerable Driver (BYOVD) attacks used by threat actors

Getting experience in EDRs?

cybersecurity www.reddit.com

I'm looking to get into DFIR consulting. The last job I applied for I didn't get, as they were looking for someone with 'a lot of EDR experience.' I'm a forensics guy, so while I've used CrowdStrike some, it's not usually what I do, but I'm seeing EDR experience in more and more job reqs. Any tips on gaining more EDR experience? How does one gain experience in multiple EDRs? submitted by /u/internal_logging

The "Verified Extension" Illusion: Inside the July 2025 VSCode Flaw That EDR Missed

cybersecurity www.reddit.com

Hey all ✌🏻 I just published a new article: "The 'Verified Extension' Illusion: Inside the July 2025 VSCode Flaw That EDR Missed" on Medium. I'd really appreciate your thoughts. Comments, shares, feedback all welcome! Posting it here for your convenience (images are not allowed here): The "Verified Extension" Illusion: Inside the July 2025 VSCode Flaw That EDR Missed What If "Verified" Doesn't Mean Safe? When developers install a plugin from a trusted marketplace, they assume it's safe....

Do you deploy EDR and which EDR for Photon OS?

cybersecurity www.reddit.com

The title says it all. I'm new to the world of Photon OS and the default EDR I usually deploy is not compatible with Photon OS. What EDRs do you guys run on Photon OS, if any at all? cheers, submitted by /u/RoutineLibrarian2829

Stopped Windows Event Log service?

cybersecurity www.reddit.com

Is monitoring this service and the integrity of the security log a big deal? I have multiple EDRs in my environment, and none of them gave me an alert the other day when I went fucking around with the service and deleting the security .evtx, either in the GUI or via command line. This was really surprising to me. submitted by /u/jajajaline