home.social

#evasiontechniques β€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #evasiontechniques, aggregated by home.social.

  1. Formbook Malware Exploits Obfuscation to Evade Detection

    Staying one step ahead of threats just got tougher: Formbook malware's latest campaign combines DLL side-loading and obfuscated JavaScript to expertly evade detection. This sneaky tactic allows it to remain hidden, making it a formidable foe in the cybersecurity landscape.

    osintsights.com/formbook-malwa

    #FormbookMalware #MalwareOperations #EvasionTechniques #EmergingThreats #Obfuscation

  2. Master Forensic-Evasion Techniques for Red Teamers: Actionable Tactics for Staying Undetected
    This article provides comprehensive guidance on forensic evasion techniques for red team operations, focusing on how to maintain stealth during penetration testing and security assessments. The content emphasizes that successful red team operations require more than just initial accessβ€”the real challenge is staying undetected while performing reconnaissance, privilege escalation, and lateral movement. The article covers a range of tactics from basic log deletion to advanced evasion methods that counter modern security controls like SIEMs, EDR solutions, and live process monitoring. While positioned as educational content for red teamers, these techniques are essential knowledge for defenders to understand attacker tradecraft and implement appropriate countermeasures. The piece highlights the cat-and-mouse game between attackers and defenders, explaining why simple log deletion isn't sufficient and how sophisticated detection systems create multiple forensic artifacts. Key focus areas include evading endpoint detection, hiding command execution, manipulating system logs, and using various obfuscation techniques. The content serves as both a practical playbook for red teamers and an intelligence brief for blue teamers to enhance their detection capabilities. Understanding these evasion techniques is crucial for developing robust defensive strategies and recognizing stealthy attack patterns. #RedTeam #BlueTeam #Forensics #PenetrationTesting #InfoSec #ThreatHunting #SecurityControls #EvasionTechniques
    medium.com/@verylazytech/maste

  3. "🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"

    An evasion technique identified as CVE-2023-28807, allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
    This vulnerability, discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. πŸ›‘οΈπŸ’»πŸ”

    Source: Zscaler & VulDB

    Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 πŸŒπŸ”’πŸ”

  4. "🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"

    An evasion technique identified as CVE-2023-28807, allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
    This vulnerability, discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. πŸ›‘οΈπŸ’»πŸ”

    Source: Zscaler & VulDB

    Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 πŸŒπŸ”’πŸ”

  5. "🚨 CVE-2023-28807 - Domain Fronting Evasion in ZIA 🚨"

    An evasion technique identified as CVE-2023-28807, allows attackers to bypass Zscaler Internet Access (ZIA)'s domain fronting detection by exploiting a mismatch between Connect Host and Server Name Indication (SNI) in Client Hello messages. The vulnerability exploits how ZIA handles the SNI field during the TLS handshake process. The SNI is intended to indicate which host the client wants to connect to within a shared hosting environment, allowing the server to present the correct certificate for that host. However, due to this vulnerability, an attacker can manipulate the SNI in such a way that the security mechanisms fail to correctly identify and filter malicious traffic, enabling the attacker to hide malicious activities within what appears to be legitimate traffic.
    This vulnerability, discovered and addressed by Zscaler. Users are urged to upgrade to version 6.2r.290 to mitigate this risk. πŸ›‘οΈπŸ’»πŸ”

    Source: Zscaler & VulDB

    Tags: #Cybersecurity #CVE2023 #DomainFronting #Zscaler #NetworkSecurity #EvasionTechniques #MITREATTACK MITRE - T1587.003 πŸŒπŸ”’πŸ”

  6. "πŸ” Homoglyph Attack: Deadglyph's Deceptive Disguise 🎭"

    Deadglyph, the newly discovered backdoor by ESET, employs a homoglyph attack to mimic Microsoft Corporation, a tactic to deceive and evade detection. This showcases an elevated level of sophistication in its design, further emphasizing the expertise behind Stealth Falcon's cyber-espionage campaigns. The continuous monitoring of system processes and randomized network patterns are among its counter-detection mechanisms, making Deadglyph a formidable tool in the arsenal of Stealth Falcon. πŸ›‘οΈπŸŽ―

    Source: ESET Research Blog

    Tags: #HomoglyphAttack #Deadglyph #StealthFalcon #CyberSecurity #MalwareDetection #EvasionTechniques #InfoSec #cyberthreats

  7. "πŸ” Homoglyph Attack: Deadglyph's Deceptive Disguise 🎭"

    Deadglyph, the newly discovered backdoor by ESET, employs a homoglyph attack to mimic Microsoft Corporation, a tactic to deceive and evade detection. This showcases an elevated level of sophistication in its design, further emphasizing the expertise behind Stealth Falcon's cyber-espionage campaigns. The continuous monitoring of system processes and randomized network patterns are among its counter-detection mechanisms, making Deadglyph a formidable tool in the arsenal of Stealth Falcon. πŸ›‘οΈπŸŽ―

    Source: ESET Research Blog

    Tags: #HomoglyphAttack #Deadglyph #StealthFalcon #CyberSecurity #MalwareDetection #EvasionTechniques #InfoSec #cyberthreats

  8. "πŸ” Homoglyph Attack: Deadglyph's Deceptive Disguise 🎭"

    Deadglyph, the newly discovered backdoor by ESET, employs a homoglyph attack to mimic Microsoft Corporation, a tactic to deceive and evade detection. This showcases an elevated level of sophistication in its design, further emphasizing the expertise behind Stealth Falcon's cyber-espionage campaigns. The continuous monitoring of system processes and randomized network patterns are among its counter-detection mechanisms, making Deadglyph a formidable tool in the arsenal of Stealth Falcon. πŸ›‘οΈπŸŽ―

    Source: ESET Research Blog

    Tags: #HomoglyphAttack #Deadglyph #StealthFalcon #CyberSecurity #MalwareDetection #EvasionTechniques #InfoSec #cyberthreats

  9. "πŸ” Homoglyph Attack: Deadglyph's Deceptive Disguise 🎭"

    Deadglyph, the newly discovered backdoor by ESET, employs a homoglyph attack to mimic Microsoft Corporation, a tactic to deceive and evade detection. This showcases an elevated level of sophistication in its design, further emphasizing the expertise behind Stealth Falcon's cyber-espionage campaigns. The continuous monitoring of system processes and randomized network patterns are among its counter-detection mechanisms, making Deadglyph a formidable tool in the arsenal of Stealth Falcon. πŸ›‘οΈπŸŽ―

    Source: ESET Research Blog

    Tags: #HomoglyphAttack #Deadglyph #StealthFalcon #CyberSecurity #MalwareDetection #EvasionTechniques #InfoSec #cyberthreats

  10. "πŸ” Homoglyph Attack: Deadglyph's Deceptive Disguise 🎭"

    Deadglyph, the newly discovered backdoor by ESET, employs a homoglyph attack to mimic Microsoft Corporation, a tactic to deceive and evade detection. This showcases an elevated level of sophistication in its design, further emphasizing the expertise behind Stealth Falcon's cyber-espionage campaigns. The continuous monitoring of system processes and randomized network patterns are among its counter-detection mechanisms, making Deadglyph a formidable tool in the arsenal of Stealth Falcon. πŸ›‘οΈπŸŽ―

    Source: ESET Research Blog

    Tags: #HomoglyphAttack #Deadglyph #StealthFalcon #CyberSecurity #MalwareDetection #EvasionTechniques #InfoSec #cyberthreats