Leveraging Raw Disk Reads to Bypass EDR
medium.com/workday-engi...
Drivers are a common part of every Windows environment, and many of them provide low-level functionality. This blog details how to connect…
medium.com
October 18, 2025 at 6:36 PM
EDR vs Antivirus: What You Need to Know About the Differences https://www.businesstechweekly.com/cybersecurity/application-security/edr-vs-antivirus/
EDR vs Antivirus: What You Need to Know About the Differences
EDR vs Antivirus: Discover key differences between EDR and antivirus solutions to choose the best protection for your business.
www.businesstechweekly.com
October 18, 2025 at 6:06 PM
Wazuh for SIEM, Velociraptor for EDR, DFIR-IRIS as a ticketing system, and Shuffle for automation.
I have plans to add in a cmdb, misp, and a few other things.
Some things are FOSS*, but most are legit.
*Paid enterprise version available, but self hosting options with public source.
October 18, 2025 at 4:21 AM
On a new Queen City Improvement Bureau:
• Aidan saw The Master Plan!
• EDR beclowns itself w/ its budget presentation
• Why are residential roads getting wider?
• Big news for downtown
• Paul sounds like a dot matrix printer printing an ASCII version of that Nick Nolte mug shot
#yqrcc
Oct 16 2025 - With Apologies For Paul's Fragged Voice — Queen City Improvement Bureau
On this week's meeting agenda: Aidan escaped the sub-basement and caught a showing of The Master Plan at the newly renovated Globe Theatre. Admin has been talking for months about how they cha...
queencityib.com
October 17, 2025 at 5:57 PM
Need help with browser policies, allowlists, or EDR? Our Chicago MSP can audit extensions and train staff fast. DM to start.
www.reintivity.com/enterpris...
October 17, 2025 at 3:51 PM
EDR stops at the endpoint. XDR goes further — across your entire digital ecosystem.
Discover how shifting from EDR to XDR: www.synergyit.com/24-7-protect...
#CyberDefense #XDR #SOC #CyberThreats #BusinessSecurity #CyberSecurity #ManagedSecurity #EDR #VirtualSOC #ManagedIT #USA #Canada
October 17, 2025 at 2:58 PM
1️⃣ Control Plane Access = Full Cloud Compromise
Red Teams target cloud consoles (e.g., AWS, Azure) to snapshot disks, bypass EDR, and dump credentials offline.
Example: Extracting VMDKs and analyzing LSASS memory with WinDbg.
We do this when endpoint defenses are too hardened for direct access.
October 17, 2025 at 2:31 PM
EDR #581 is here, with Sau and their movie-worthy comeback on the cover! ✨
🔸 We also interview Irieix, Jovedry and Gregotechno, and talk about the new songs from Gavina.mp3 and Buhos, among others.
All yours! 👇🏻👇🏻
www.enderrock.cat/edr/numero581
October 17, 2025 at 1:30 PM
If a corpo laptop comes with regular user creds, it's a goldmine for attackers. Cached user account creds to crack, EDR info the attacker needs to bypass, offline priv esc to get any juicy details without alerting the SOC, and so much more. I bet most corpo laptops are insecure by default.
October 17, 2025 at 11:58 AM
Critical vuln: Moxa EDR-G9010 v1.0 allows privilege escalation via broken API access. Restrict /api/v1/setting/data now, patch when available! https://radar.offseq.com/threat/cve-2025-6893-cwe-250-execution-with-unnecessary-p-cd75690d #OffSeq #Vulnerability #ICS
October 17, 2025 at 10:34 AM
CRITICAL: Moxa EDR-G9010 v1.0 vuln lets low-priv users create admin accounts—full device takeover possible. Restrict access & monitor now! No patch yet. https://radar.offseq.com/threat/cve-2025-6949-cwe-250-execution-with-unnecessary-p-a99a72ca #OffSeq #CVE20256949 #OTsecurity
October 17, 2025 at 9:04 AM
CRITICAL: Moxa EDR-G9010 v1.0 flaw (CVE-2025-6950) lets attackers bypass auth via hard-coded JWT secrets. Isolate devices & restrict access until a patch arrives. https://radar.offseq.com/threat/cve-2025-6950-cwe-798-use-of-hard-coded-credential-0e6643cd #OffSeq #OTsecurity #Vulnerability
October 17, 2025 at 7:34 AM
Trellix products, especially the McAfee-side, are frustrating with frequent issues and unresolved support tickets. Users face problems like DLP crashing Microsoft Edge and a clunky SIEM. The EDR is unreliable, making the overall experience unbearable.
Trellix products are unbearable
Honestly, I wouldn’t wish them on my worst enemy—Mainly the McAfee-side of their stack. Nothing works properly. All you end up doing is opening endless support tickets that either never get resolve...
reddit.com
October 16, 2025 at 11:42 PM
AI, EDR, and Hacking Things - PSW #896 First up is a technical segment on UEFI shells: determining if they contain dangerous functionality that allows attackers to bypass Secure Boot. Then in the s...
#Podcast
[Audio] [Original post on sw-all.libsyn.com]
October 17, 2025 at 10:30 PM
F5 BIG-IP Breach: 44 CVEs That Need Your Attention Now Partnering with an EDR vendor after a nation-state has already stolen your source code isn’t innovation — it’s a gamble. You don’t bui...
How to find F5 BIG-IP CVEs using Tenable Vulnerability Management | Tenable®
Detailed steps Tenable customers can take immediately to address the urgent F5 BIG-IP breach. Also included: general guidance on how organizations can protect themselves in the aftermath of the F5 breach by a nation-state actor.
www.tenable.com
October 16, 2025 at 9:51 PM
WatchGuard Introduces Endpoint Security Prime WatchGuard launches Endpoint Security Prime, an AI-powered EDR and NGAV solution that delivers enterprise-grade protection and affordability for every ...
#Tools #& #Platforms
WatchGuard introduces Endpoint Security Prime
WatchGuard launches Endpoint Security Prime, an AI-powered EDR and NGAV solution that delivers enterprise-grade protection and affordability for every business.
www.channelinsider.com
October 16, 2025 at 8:09 PM
Land Rover, Asahi GHD and BlackSuit_Blitz all share a three-stage attack model: AD compromise with the VPN as the breach point → encryption of the virtualization infrastructure → double extortion over the data. Given that the attackers may be operating from a common operations manual, the combination of reliable detection triggers (dependable EDR/XDR detection and SIEM rules), a containment playbook (SOAR/Ansible/Runbook), and an API-based lockdown that immediately isolates the ESXi layer will be the key to defensive practice going forward.
October 16, 2025 at 4:55 PM
Ben Jones & Désirée Lim's, "The #Ethics of #Defunding the #Police", just was recognized as the First Runner-Up for the 2025 Elizabeth D. Rockwell #Prize for #Best #Article on Ethics, Leadership & Public Policy! Congratulations!
www.uh.edu/hobby/edr-ce...
Original Article: doi.org/10.1017/S153...
2025 Elizabeth D. Rockwell Prize for Best Article on Ethics, Leadership and Public Policy
The Elizabeth D. Rockwell Center on Ethics and Leadership at the Hobby School of Public Affairs is pleased to announce this year’s winner and first runner-up of the 2025 Elizabeth D. Rockwell Prize…
www.uh.edu
October 16, 2025 at 3:22 PM
Scene: Giving vendors love at a security conference.
Me: Tell me about this product.
Vendor: EDR for your browser. Majority of work interactions are in the browser and not specifically the OS. Fight the battle here. Cross platform cross browser extension. Easy management. Logging.
Me: Holy […]
Original post on infosec.exchange
infosec.exchange
October 16, 2025 at 3:08 PM
It's MAP-MS, aka eDR commercially. @searleb.bsky.social gave a great writeup about how it is different from boxcar.
www.linkedin.com/pulse/how-ma...
How MAP-MS improves MS1 dynamic range
People have asked about how MAP-MS (Multiple Accumulation Precursor Mass Spectrometry) works so here's a post on @teerap16's new preprint: https://www.biorxiv.
www.linkedin.com
October 16, 2025 at 2:46 PM
Phishing, ransomware, malware, denial of service, brute force, AI... SIEM, EDR, DLP, SOC, MFA, strong passwords... education, awareness
October is Cybersecurity Awareness Month. Cybersecurity isn’t just IT’s job; it’s everyone’s responsibility.
October 16, 2025 at 2:14 PM
Jupiter - NASA's Juno PJ 37 - Stellar Reference Unit Camera - From Andrea Luck (andrealuck.bsky.social) - https://flic.kr/p/2ptB35d
October 16, 2025 at 12:00 PM