Hackers have been leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Pyramid, first released on GitHub in 2023, is a Python-based post-exploitation framework designed to evade endpoint detection and response (EDR) tools.

Pyramid is built on Python’s legitimate presence in many environments, utilizing a Python-based HTTP/S server to deliver files and act as a C2 server for offensive operations. Its lightweight HTTP/S server capabilities make it an attractive choice for malicious actors seeking to minimize detection. Security analysts at Hunt.io identified that this in-memory execution allows operators to act within the context of a signed Python interpreter, potentially bypassing traditional endpoint security measures.

These servers were linked to domains resembling DevaGroup, an internet marketing service, though no malicious samples have been found yet.

By focusing on authentication challenges, response headers, and specific error messages, defenders can improve detection fidelity and minimize false positives. As open-source offensive security tools continue to advance, tracking similar implementations will provide early warnings of new infrastructure and refine detection methodologies.

Tushar is a Cyber security content editor with a passion for creating captivating and informative content.
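The detection approach described above, combining the authentication challenge, response headers and error message, is sketched here as an added example that is not code from the article, Hunt.io or the Pyramid project. The realm and error strings are labelled placeholders because the page does not give the real values, the `Server` pattern assumes the tool's server is built on Python's standard `http.server`, and the sample responses are constructed.

```python
import re

# Constructed fingerprint. The page names the signal types but not their values,
# so the realm and error text are placeholders, not real indicators.
FINGERPRINT = {
    "status": lambda r: r["status"] == 401,
    "auth": lambda r: r["headers"].get("www-authenticate") == 'Basic realm="PLACEHOLDER_REALM"',
    # Assumption: the server is built on Python's http.server, whose default
    # Server header looks like "BaseHTTP/0.6 Python/3.x.y".
    "server": lambda r: re.fullmatch(r"BaseHTTP/\d+\.\d+ Python/3\.\d+\.\d+",
                                     r["headers"].get("server", "")) is not None,
    "error": lambda r: "PLACEHOLDER_ERROR_TEXT" in r["body"],
}

def parse_response(raw):
    """Split a raw HTTP/1.x response into status code, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": int(parts[1]), "headers": headers, "body": body}

def match_signals(raw):
    """Return which fingerprint signals a response satisfies."""
    resp = parse_response(raw)
    return {name: check(resp) for name, check in FINGERPRINT.items()}

def is_candidate(raw):
    """Flag only when every signal agrees; any single one is too common alone."""
    return all(match_signals(raw).values())

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "all_signals": 'HTTP/1.0 401 Unauthorized\r\nServer: BaseHTTP/0.6 Python/3.10.4\r\n'
                   'WWW-Authenticate: Basic realm="PLACEHOLDER_REALM"\r\n\r\nPLACEHOLDER_ERROR_TEXT',
    "python_dev_server": 'HTTP/1.0 404 File not found\r\nServer: BaseHTTP/0.6 Python/3.11.2\r\n\r\nnot found',
    "nginx_basic_auth": 'HTTP/1.1 401 Unauthorized\r\nServer: nginx\r\n'
                        'WWW-Authenticate: Basic realm="Restricted"\r\n\r\n401 Authorization Required',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, is_candidate(raw), match_signals(raw))
```

The second and third samples each satisfy one signal on its own (a stock Python server banner, a Basic-auth 401), which is why the check requires all of them before flagging a host.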
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Feb 2025 07:20:42 +0000