Agenda Ransomware Adopts TrueSightKiller for EDR Evasion
Thread detailing how the Agenda ransomware group incorporated the open-source TrueSightKiller tool to disable antivirus and EDR systems via bring-your-own-vulnerable-driver (BYOVD) techniques.
Related Research
CrazyHunter Campaign Targets Taiwanese Critical Sectors
Research identifying the CrazyHunter campaign, which targets Taiwanese healthcare and education using 80% open-source tooling and BYOVD attacks.
Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed
Analysis of a new ransomware group with adaptive defense evasion — custom-patching anti-AV tools mid-attack based on target recon.
Chaos Ransomware Leverages Advanced Anti-EDR Techniques
Thread analyzing the Chaos ransomware campaign leveraging malicious DLL sideloading and kernel-level driver deployment for broad defense evasion against EDR solutions.
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
Deep-dive analysis of Warlock (Water Manaul) ransomware operations revealing new TTPs including persistent BYOVD techniques, TightVNC and Yuze remote access tools, and 15-day dwell time before LockBit-derived ransomware deployment.