New Command-Line Obfuscation Technique Bypasses AVs and EDRs

Security researchers have released ArgFuscator[.]net, a new platform documenting obfuscation opportunities across 68 common Windows executables. The tool generates obfuscated command lines that function identically to their unobfuscated counterparts while evading detection. The techniques, detailed in a comprehensive study released on March 24, 2025, exploit parsing inconsistencies in executable files to hide malicious commands in plain sight, posing a significant threat to organizations that rely heavily on command-line-based detections. When a command is executed with these obfuscation techniques, the obfuscated version is what gets recorded by security monitoring tools.

Attackers' growing reliance on trusted tools has forced security solutions to focus on command-line arguments to differentiate between legitimate and malicious uses of those tools. According to Wietze Beukema, unlike other obfuscation methods such as DOSfuscation or PowerShell obfuscation, command-line obfuscation is shell-independent, targeting vulnerabilities in how executables parse their arguments. One example substitutes dash characters for the traditional forward-slash option format (/f /im) in a process-termination command, making it harder for security tools to detect malicious process termination. “A video demonstration shows how a certutil.exe command attempting to download a file is blocked by Windows Defender, but when obfuscated using ArgFuscator.net, it works without issue,” reads the report.

“As a general recommendation, writing resilient detections is good practice: define detection logic in a way that detects keywords of interest, even when obfuscation is applied,” advises the research. Security teams should immediately evaluate their detection methods against these obfuscation techniques to ensure proper coverage.
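As an added illustration of the recommendation to match keywords of interest even when obfuscation is applied (this is not code from the article or from ArgFuscator), the following Python normaliser folds the dash-for-slash option substitution described above before keyword matching, and contrasts it with a brittle literal-string check. It assumes the process-termination command the article refers to is taskkill, whose /F and /IM switches match the /f /im shown; the rule name and the sample command lines are constructed.

```python
import ntpath
import re
import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    image: str               # executable basename, no path, no extension
    options: frozenset[str]  # option keywords that must all be present


# Hypothetical rule for the article's process-termination example (/f /im),
# assumed here to be taskkill's /F and /IM switches.
RULES = [Rule("forced-process-kill", "taskkill", frozenset({"f", "im"}))]


def naive_match(cmdline: str) -> bool:
    # Brittle detection: only recognises the literal slash-prefixed switches,
    # so the dash-prefixed variant slips past it.
    low = cmdline.lower()
    return "taskkill" in low and "/f" in low and "/im" in low


def normalise(cmdline: str) -> tuple[str, set[str]]:
    # shlex in non-POSIX mode keeps Windows backslashes and honours quotes;
    # quotes are then stripped and everything is case-folded.
    toks = [t.strip('"').lower() for t in shlex.split(cmdline, posix=False)]
    if not toks:
        return "", set()
    image = ntpath.basename(toks[0])
    image = image[:-4] if image.endswith(".exe") else image
    # Fold the option-prefix variants: /f, -f and --f all become "f".
    opts = {re.sub(r"^(?:/|--?)", "", t)
            for t in toks[1:] if t[:1] in ("/", "-")}
    return image, opts


def match_rules(cmdline: str) -> list[str]:
    """Return the names of rules whose image and option keywords all match."""
    image, opts = normalise(cmdline)
    return [r.name for r in RULES if r.image == image and r.options <= opts]


if __name__ == "__main__":
    # Constructed sample command lines, the second in the obfuscated form.
    for sample in ("taskkill /f /im notepad.exe", "taskkill -f -im notepad.exe"):
        print(f"{sample!r}: naive={naive_match(sample)} resilient={match_rules(sample)}")
```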

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Apr 2025 12:20:15 +0000

