Ransomware gangs are using the Shanya.exe packer to hide EDR-killers — making defenses blind before the attack even begins. Obfuscation is their new edge. 🧩💀 #Ransomware #EDREvasion
🚨 EDR-Redir exploit uses Windows’ Bind & Cloud Filter drivers to redirect or isolate EDR folders from user mode - no kernel privileges required.
Demoed by TwoSevenOneT, it breaks Elastic Defend, Sophos, and even disables Defender via CFAPI corruption.
Minifilter abuse is becoming the new weak link in EDR design.
💬 Thoughts on how vendors should adapt?
Follow TechNadu for continuous #ThreatResearch and #EDREvasion updates.
#InfoSec #CyberSecurity #EDR #BYOVD #WindowsSecurity #MalwareAnalysis #RedTeam
No PE header? No problem.
@FortiGuardLabs dropped a deep dive into a malware sample dumped without a PE header — like a cybercriminal rage-quit halfway through packing their payload.
You ever load a binary in IDA and think, “Am I being punk’d?”
Yeah, it’s one of those samples.
This sample:
Reconstructs its own PE structure at runtime
Hides config data in obfuscated blobs
Uses anti-sandbox tricks to avoid analysis
Drops yet another info-stealer, because originality is dead
It’s engineered to break basic static analysis and dodge sandboxes like it’s speedrunning DEFCON CTF.
🔗 Full breakdown:
https://www.fortinet.com/blog/threat-research/deep-dive-into-a-dumped-malware-without-a-pe-header
TL;DR for blue teamers:
Static AV signatures won’t help here
Watch for suspicious memory allocations + hollowing patterns
Endpoint heuristics > file-based detection
Log your PowerShell and LOLBins — this thing probably brings friends
If your EDR cries when it sees raw shellcode, maybe give it a hug
#ThreatIntel #MalwareAnalysis #ReverseEngineering #Infosec #PEFilesAreSo2020 #EDREvasion #LOLbins #CyberSecurity #BlueTeam
BestEdrOfTheMarket: Open-Source Lab for EDR Evasion Techniques
BestEdrOfTheMarket is an open-source lab for training and learning EDR evasion techniques, utilizing Windows NT's telemetric capabilities.
Hiding Shellcode in Image Files with Python and C/C++ -> Now Even Stealthier Without WinAPIs
Check it out here:
🔗 GitHub Repository:
👉 https://github.com/WafflesExploits/hide-payload-in-images
🔗 Full Guide Explaining the Code:
👉 https://wafflesexploits.github.io/posts/Hide_a_Payload_in_Plain_Sight_Embedding_Shellcode_in_a_Image_file/
Happy hacking! 😀
#Cybersecurity #MalwareDevelopment #Steganography #RedTeam
#EDREvasion #Python #C #Hacking #PayloadHiding #PenetrationTesting
Here are the wiki entries for #EDRevasion as promised @hack_lu @itisiboller
Evadere Classifications - different types of evasions by SpectreOps
Awesome EDR Bypass Resources For Ethical Hacking - Awesome-EDR-bypasses
“in the past two years, Mandiant, which is part of Alphabet Inc.’s Google Cloud division, has investigated 84 breaches where EDR or other endpoint security software was tampered with or disabled” https://www.bloomberg.com/news/articles/2023-04-27/hackers-are-finding-ways-to-evade-latest-cybersecurity-tools
Happy Monday! This morning I am feeling much more caught up and refreshed. The feelings of burnout and being overwhelmed have subsided, which is great!
Today I am going to spend part of the day working with the interns and the other half of the day getting the GitHub integration working with ELK. I was able to get one of my private repos to work properly; now I just need to get our organization's account working.
We are also wrapping up our IR tabletop exercise. I am very proud of how the interns have been contributing. We went with an EDR evasion method of compromise on some ERP servers that run our warehouses!
Lots of other stuff. Maybe I should write another blog post about everything I am working on!
A memory-based evasion technique which makes shellcode invisible from process start to end: https://github.com/lem0nSec/ShellGhost