How to evade detections with command-line obfuscation #edr #evasion #herramientas #técnicas
https://www.hackplayers.com/2025/03/como-evadir-detecciones-con-ofuscacion.html

Camera off: Akira deploys ransomware via webcam
Akira, a prominent ransomware group, accounted for 15% of incidents in 2024, showcasing novel evasion techniques. In a recent attack, Akira circumvented an Endpoint Detection and Response (EDR) tool by compromising an unsecured webcam to deploy ransomware. After initial detection, the group pivoted to exploit IoT devices, particularly a vulnerable webcam running Linux. This allowed them to execute their Linux ransomware variant without EDR interference. The incident highlights the importance of comprehensive security measures, including IoT device monitoring, network segmentation, and regular audits. Key takeaways include prioritizing patch management for all devices, adapting to evolving threat actor tactics, and ensuring proper EDR implementation.
Pulse ID: 67d046979aa7a5f6ddc6aa12
Pulse Link: https://otx.alienvault.com/pulse/67d046979aa7a5f6ddc6aa12
Pulse Author: AlienVault
Created: 2025-03-11 14:20:07
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cybersecurity #Schwachstelle #IoT Devices: A rather adventurous story about an Akira #Ransomware attack shows that Endpoint Detection and Response (#EDR) does not always help when there are largely unprotected entry points elsewhere in the corporate network, down to a webcam that may look harmless at first glance. This is why network segmentation makes sense:
#Akira #ransomware gang used an unsecured webcam to bypass #EDR
https://securityaffairs.com/175103/cyber-crime/akira-ransomware-gang-used-unsecured-webcam-bypass-edr.html
#securityaffairs #hacking #malware
The Akira #ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (#EDR), which was blocking the encryptor in Windows.
The Key to COMpromise - Pwning AVs and EDRs by Hijacking COM Interfaces, Part 1, 2 and 3:
https://neodyme.io/en/blog/com_hijacking_1/
https://neodyme.io/en/blog/com_hijacking_2/
https://neodyme.io/en/blog/com_hijacking_3/#vulnerability-1-leveraging-file-deletion-for-lpe
Sandfly is now offering a license for private users: https://sandflysecurity.com/get-sandfly/
Analysis of malicious HWP cases of 'APT37' group distributed through K messenger
The report details a sophisticated APT attack targeting South Korea, utilizing spear-phishing techniques and malicious HWP files distributed through a popular Korean messenger service. The APT37 group exploited trust-based tactics, using compromised accounts to spread malware through group chats. The malicious files contained OLE objects that executed PowerShell commands and shellcode, ultimately deploying the RoKRAT malware. This file-less attack method allowed for information gathering and potential remote control of infected systems. The attackers used pCloud for data exfiltration and command-and-control communication. The report emphasizes the importance of endpoint detection and response (EDR) systems to combat such evolving threats.
Pulse ID: 67a38d686710526e35f1ff4d
Pulse Link: https://otx.alienvault.com/pulse/67a38d686710526e35f1ff4d
Pulse Author: AlienVault
Created: 2025-02-05 16:10:16
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Question for the group:
Has anyone of you (or someone you know) introduced an endpoint protection or EDR product in their company in recent years (e.g. Jamf Protect, Microsoft Defender for Business or similar)?
Roughly how long did it take (including data protection and IT security reviews)?
I would be grateful for some real-world experience from Switzerland and the EU.
Detonating Beacons to Illuminate Detection Gaps - Learn how Elastic Security leveraged open-source BOFs to achieve detection engineering goals during our most recent ON week: https://www.elastic.co/security-labs/detonating-beacons-to-illuminate-detection-gaps #edr #bof #elastic
A first #EDR (#Endpoint #Detection and #Response, a kind of #super #antivirus) has just been "qualified" by #ANSSI, the #French #cyber #authority #cybersec: the explanation
I just learned SANS put out some new research papers on December 5th. Looking forward to reading "Never Trust, Always Verify: Effectiveness of Endpoint Detection and Response Tools Versus Zero Trust Endpoint Controls in Enterprise Environments"
https://cloudbrothers.info/en/edr-silencers-exploring-methods-block-edr-communication-part-1/
And if you want even more, check out part 2 released by @cyb3rmonk. Link in the post.
Last talk before the afternoon break, and third-last talk of this @hack_lu #hacklu2024 is Hilko Bengen with “Detection and response for Linux without #EDR” @hillu