Post by VMRay
Attackers are working harder than ever to stay invisible: living off the land with legitimate tools, quietly probing for credentials and configuration files in the corners of the system most defenders don't watch, and slipping data out through trusted browser processes that look entirely benign in EDR telemetry. Detecting that kind of activity requires understanding exactly how it behaves, and building detection logic that keeps up.

Tomorrow, Thorsten Schreiber will walk through what VMRay Labs shipped this month:

• #RMM tool detection: catching legitimate remote management software repurposed for persistent access
• #Sandbox #evasion via geolocation and directory checks: surfacing #malware that goes quiet in analysis environments
• #Chromium browser abuse: detecting headless-mode execution and App-Bound Encryption bypass from inside the browser's own trusted process
• Sensitive data discovery: four new threat identifiers targeting #infostealer reconnaissance against password managers, RDP configs, developer tools, and VPN clients
• 30+ new #YARA rules and config extractors covering #MuddyWater, #CamaroDragon, #PhantomStealer, #ParallaxRAT, #SalatStealer, and more

Practical, behavioral, and built for the analysts and engineers doing the work.

https://lnkd.in/dskxZFyc

#Webinar #ThreatDetection #DetectionEngineering #MalwareAnalysis #ThreatHunting #ThreatIntelligence