Report an incident
Customer Portal
When Defense Tools Turn Adversarial: Detecting the Misuse of Velociraptor in Modern Attack Chains
← Back to Labs
← Volver a Labs
Medium
CyberCrime, LOLBin
Command and Control, Defense Evasion, Execution, Privilege Escalation
EDR

When Defense Tools Turn Adversarial: Detecting the Misuse of Velociraptor in Modern Attack Chains

We are witnessing a significant evolution in adversary tactics: threat actors are actively leveraging legitimate, open-source incident response tools like Velociraptor for malicious purposes, effectively adopting a "misuse pattern" instead of relying solely on custom malware. This evolving tactic highlights the need for vigilance in monitoring and detecting unauthorized Velociraptor use to effectively intercept and mitigate misuse before it leads to further compromise or ransomware deployment.

Download PDF

labs correlati

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation
Medium
Bypass
Privilege Escalation
Sysmon, Windows

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation

Learn more
BlueHammer windows Zero-Day
Medium
Bypass
Privilege Escalation
EDR, Sysmon, Windows

BlueHammer windows Zero-Day

Learn more
Weaponizing Windows Toast Notifications Abuse of ToastNotify.exe for Phishing and Credential Coercion
Medium
Bypass
Defense Evasion
EDR, Sysmon, Windows

Weaponizing Windows Toast Notifications: Abuse of ToastNotify.exe for Phishing and Credential Coercion

Learn more
1 2 3 12

Contacts

Get in touch with us

Contact Us
Sorint.SEC
Via dell'Artigianato,
24046 Osio Sotto BG
Italy


+39 035 0510401
info@sec.sorint.it
Pages
Services
Certifications
chevron-right