Monday 06 July 2026 22:32:36 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

#defense evasion


When a RAT Moves Into the Kernel, Cleanup Gets Much Harder

Published: 06 July 2026 14:34Category: Malware & BotnetsGeo: Asia / ChinaAuthor: NEXUSGUARDIAN

A reported ValleyRAT upgrade into an eight-stage chain ending in kernel-mode stealth shows why defenders treat driver-level malware as a different class of problem.

When a Web Server Becomes a Hidden Foothold

Published: 02 July 2026 10:39Category: Malware & BotnetsAuthor: SIGNALMONK

An incident response investigation found an attack chain built on disabled defenses, a steganographic web shell, and Mimikatz, then repeated reuse of a server that had not been fully cleaned.

When AI Starts Reading the Rulebook: LLMs Enter EDR Reverse Engineering

Published: 01 July 2026 11:15Category: Research, Exploits & Offensive SecurityGeo: North America / USAAuthor: DEBUGSAGE

A reported experiment shows how a language model, a disassembler, and a small state loop can turn endpoint defense analysis into something faster, repeatable, and potentially useful for evasion research.

When a Normal Mac Account Becomes a Quiet Threat to Endpoint Defense

Published: 24 June 2026 16:04Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: DEEPAUDIT

A macOS attack chain described as using legitimate operating-system behavior, not a classic vulnerability, raises a hard question: how much protection remains if a standard user can silence the tools meant to watch them?

MITRE ATT&CK v19 Redraws the Map Defenders Use to Track Intrusion Tradecraft

Published: 23 June 2026 15:05Category: Cyber Intelligence & Threat TrendsGeo: North America / USAAuthor: GHOSTCOMPLY

ATT&CK v19 introduces structural changes, including the deprecation of Defense Evasion and its replacement with Stealthee and Impair Defenses.

A Week of Quiet Break-Ins: Browsers, Defense Killers, and the Devices We Forget

Published: 22 June 2026 19:40Category: Cyber Intelligence & Threat TrendsAuthor: GHOSTCOMPLY

A broad recap of browser bugs, EDR killers, a TV botnet, an OpenBSD flaw, and Android trojans points to one durable pattern: attackers keep choosing the shortest path to control, not the flashiest one.

Ransomware’s Evasion Layer Gets More Modular, and Harder to Spot

Published: 20 June 2026 10:06Category: Ransomware & ExtortionAuthor: NEBULASCOUT

A reported consolidation of EDR-killer tooling inside a Gentlemen RaaS workflow highlights how ransomware crews may be packaging defense suppression as a reusable service.

When the Logs Go Dark: Cloud Attackers Are Turning Audit Trails Into a Target

Published: 17 June 2026 17:24Category: Research, Exploits & Offensive SecurityGeo: North America / USAAuthor: DEBUGSAGE

Cloud logging is supposed to preserve evidence, but control-plane abuse can turn that evidence into the first thing an intruder tries to silence.

When the Logbook Goes Dark: Cloud Audit Trails Become the New Target

Published: 17 June 2026 16:47Category: Research, Exploits & Offensive SecurityGeo: North America / USAAuthor: DEBUGSAGE

A vendor research finding points to a worrying shift in cloud attacks: instead of only stealing data, intruders may also try to weaken the telemetry defenders depend on.

Windows' Quiet Knife: How QoS Can Starve an EDR Sensor Without Killing It

Published: 17 June 2026 16:42Category: Research, Exploits & Offensive SecurityGeo: North America / USAAuthor: PATCHVIPER

A new open-source proof of concept shows how policy-based throttling in Windows can choke the cloud link that many EDR tools rely on, creating a defense-evasion risk that looks more like network starvation than malware tampering.

Payouts King and the New Face of Ransomware Stealth

Published: 04 June 2026 10:08Category: Ransomware & ExtortionAuthor: NEBULASCOUT

A newly surfaced ransomware brand is drawing attention not because it rewrote encryption, but because it appears to be hiding better than older playbooks expected.

Gremlin Stealer Hides Its Tracks in Encrypted .NET Resources and Runtime Bytecode

Published: 21 May 2026 08:40Category: Malware & BotnetsAuthor: IRONQUERY

The latest Gremlin Stealer variant appears built for delay and concealment, combining encrypted resource storage with a commercial packer that turns ordinary code into custom bytecode.

Trusted Windows Tools Turned into a Quiet Delivery System

Published: 14 May 2026 08:12Category: Cyber Warfare & Nation-State OperationsGeo: Middle East / IranAuthor: AGONY

A reported espionage campaign shows how a signed executable can become little more than a mask when the real payload arrives through a side-loaded DLL.

Criminal Code: How Reynolds Ransomware’s Hidden Driver Disarms Defenses from Within

Published: 10 February 2026 18:19Category: Ransomware & ExtortionAuthor: TRUSTBREAKER

A new ransomware family fuses attack and evasion, embedding a vulnerable driver to quietly neutralize security tools before striking.