Continuing my theme of Malwareless Red Teaming, today I'm going to dive into the wonderful world of Windows baseline noise and blending in. I want to cover this from a red teamer's perspective, but also to highlight some detection engineering fundamentals that many overlook.

There's a habit in red teaming of over-focusing on tooling. With the current hotness being "AI all the things", there is also a lack of fundamental understanding among newer researchers and blue teams of what baseline noise actually looks like within Windows. People spend hours debating loaders, payload formats and frameworks, but far less time thinking about the environment they are stepping into. That gap is where most detections come from, and equally it is where blending in matters just as much.

In most cases, modern EDR doesn't really care whether something is "known bad" anymore, and for many products it isn't even initial execution they are bothered about. It cares whether something looks out…