Post by VMRay
7,845 followers
Attackers are getting better at hiding in plain sight. Payloads tucked inside environment variables, never visible in the command line. Phishkits that look like a dozen legitimate behaviors until you see them together. Legitimate remote management tools delivered through fake brand pages. https://lnkd.in/e7W_3cJW Catching this kind of activity comes down to one thing: understanding how it behaves. Tomorrow at Patrick Staubmann, Threat Analysis Team Lead at VMRay, walks through the latest detection work from VMRay Labs. What's on the agenda: š¹ A four-signal meta-VTI that identifies #phishkit behavior by correlating individually-benign signals, tuned for #EvilProxy-style activity š¹ PowerShell executed from environment variables, a staging technique built to stay out of the command line š¹ Windows #Defender emulator evasion via NtIsProcessInJob, observed in SquidLoader š¹ #Phishing pages delivering legitimate RMM tools through fake brand pages š¹ Updated config extractors for ArechClient2/SectopRAT and Gh0stRAT š¹ 30+ new #YARA rules across stealers, loaders, backdoors, #ransomware, and emerging phishing, including fake Claude installer lures targeting macOS Built for #SOC analysts tracking evasion and security engineers hardening their detection pipelines. Practical, behavioral, and to the point. š https://lnkd.in/e7W_3cJW #Webinar #PhishingDetection #MalwareAnalysis