Blind EDR With Fake Program Files
I. INTRODUCTION In previous articles, I demonstrated using Windows’ bind link feature to block or redirect Antivirus/EDR from accessing their executable folder. You can…
“And all Windows computers should already be restricted so that random, unsigned (not signed by the organization), PowerShell commands should not be allowed. Every organization and…
The MITRE Caldera for OT team introduced HVACSim, a software-only simulator that plugs into its open-source adversary emulation framework to lower the barriers to OT…
OT Insights Center: Bringing Engineering on Board and Resetting IT Expectations. Watch the webinar for a revealing deep…
Researchers from the ClearSky Team uncovered a targeted Russian cyber campaign against Ukraine, leveraging two previously unseen malware strains, BadPaw and MeowMeow. The attack begins…
OT Insights Center: Webinar: 2026 OT Cyber Threat Report. In 2025, 57 cyber attacks caused real-world damage in heavy industry,…
For enterprises, being able to study data unlocks much more than new ways to make money. The modern enterprise tech stack is mind-bogglingly complex —…
Coruna is also notable for its use by three distinct hacking groups. Google first detected its use in February of last year in an operation…
Executive summary The January 2026 seizure of RAMP disrupted a major ransomware coordination hub, but it did not dismantle the ecosystem behind it. Instead, it…
Symantec researchers identified cyber activity linked to the Iranian advanced persistent threat group Seedworm across the networks of several U.S. organizations, with intrusions beginning in…
I. OVERVIEW Continuing the series of studies on exploiting the Bindlink API to tamper with Antivirus/EDRs. This time, I will use “bindflt.sys” to prevent…
ESET researchers have identified an Android malware implant that uses generative AI (GenAI) for persistence purposes. This malicious implant is an advanced version of VNCSpy,…