CyberSecurityBoard
Sponsor Register Login

Zig Strike - An Offensive Toolkit to Create Payloads and Bypass AV, XDR/EDR Detections

Zig Strike is a sophisticated offensive toolkit designed to bypass advanced security solutions, including Anti-Virus (AV), Next-Generation Antivirus (NGAV), and Endpoint Detection and Response (XDR/EDR) systems. KPMG said that the toolkit also incorporates local mapping techniques that leverage Windows file mapping APIs including CreateFileMappingW and MapViewOfFile to allocate executable memory, significantly reducing suspicious memory patterns typically flagged by EDR solutions. This open-source toolkit represents a significant evolution in red team capabilities, leveraging the modern Zig programming language to create highly evasive payloads that can circumvent even Microsoft Defender for Endpoint (MDE). These techniques ensure payloads execute only in legitimate corporate environments, bypassing automated security analysis systems. This development underscores the critical need for organizations to implement layered defense strategies and continuously update their security postures against evolving threats in the modern cybersecurity landscape. The Zig-based toolkit creates evasive payloads that bypass AV, XDR, and EDR security systems. Remote thread hijacking escalates this approach by targeting existing threads in remote processes, utilizing GetThreadContext and SetThreadContext APIs to manipulate the instruction pointer (RIP) directly to shellcode. Zig Strike fragments shellcode into smaller segments stored as Base64-encoded UTF16 wide-string variables within the PE file’s .rdata section, making detection significantly more challenging for static analysis engines. Employs four injection techniques, including thread hijacking and memory mapping for stealth execution. Future releases will incorporate direct and indirect syscalls, additional injection techniques, and sleep obfuscation methods to further enhance evasion capabilities. Remote mapping extends this concept through cross-process injection using MapViewOfFileNuma2 API to map shellcode into remote process address spaces.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 30 Jun 2025 07:35:13 +0000


Cyber News related to Zig Strike - An Offensive Toolkit to Create Payloads and Bypass AV, XDR/EDR Detections

Zig Strike - An Offensive Toolkit to Create Payloads and Bypass AV, XDR/EDR Detections - Zig Strike is a sophisticated offensive toolkit designed to bypass advanced security solutions, including Anti-Virus (AV), Next-Generation Antivirus (NGAV), and Endpoint Detection and Response (XDR/EDR) systems. KPMG said that the toolkit also ...
4 hours ago Cybersecuritynews.com
Inside the Challenges of XDR Implementation and How to Overcome Them - Unlike endpoint detection and response, which collects only endpoint security telemetry, XDR collects data from native and third-party security domains including endpoints, cloud workloads, identities and more, then aggregates and applies relevant ...
1 year ago Securityboulevard.com
Silly EDR Bypasses and Where To Find Them - One of the drawbacks of direct & indirect syscalls is that it's clear from the callstack that you bypassed the EDR's user mode hook. As you can see from the last image, when a call is done through a hooked function the return address for the EDR's ...
1 year ago Malwaretech.com
How AI is strengthening XDR to consolidate tech stacks - VentureBeat continues to see CISOs and their security teams migrate from Endpoint Detection and Response to XDR for greater consolidation savings and a more unified view of all attack surfaces and potential threats. XDR is riding a strong wave of ...
1 year ago Venturebeat.com
Top 10 XDR (Extended Detection & Response) Solutions - 2025 - CrowdStrike Falcon XDR uses this data to extend EDR outcomes and advanced threat detection across the security stack, thereby stopping breaches more quickly. It does this by using CrowdStrike’s world-class machine learning, artificial ...
2 months ago Cybersecuritynews.com
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection - To effectively counter these threats, organizations must integrate Digital Forensics, Extended Detection and Response (XDR), and Endpoint Detection and Response (EDR) into a unified security framework. It involves two main components: digital ...
2 months ago Cybersecuritynews.com
Improving Threat Detection: The Role Of MDR And XDR In Your Security Operations - MDR and XDR represent the next generation of threat detection and response, addressing the limitations of traditional security tools and enabling organizations to stay ahead of sophisticated adversaries. For organizations just beginning to mature ...
1 month ago Cybersecuritynews.com
XDR In Penetration Testing: Leveraging Advanced Detection To Find Vulnerabilities - For example, XDR’s ability to map telemetry from endpoints, firewalls, and cloud platforms might reveal that a vulnerability in a legacy application allows attackers to bypass network segmentation controls, a scenario that individual security tools ...
2 months ago Cybersecuritynews.com
SentinelOne vs Palo Alto Cortex XDR: Which Tool is Best? - SentinelOne and Palo Alto are two of the top brands in this space, and this comparison will help you decide if either one of the company's tools is right for you. SentinelOne's Singularity platform offers four subscription tiers that include their ...
1 year ago Techrepublic.com
Extended Detection and Response: The Core Element of Zero-Trust Security - Extending and enhancing threat detection and response capabilities in the face of a growing attack surface is the primary result of XDR when it comes to security efficacy. This outcome can contribute not only to comprehensive protection but also to ...
1 year ago Securityboulevard.com
An Introduction to Bypassing User Mode EDR Hooks - While cross-referencing notes against old blog posts, I realized that I never actually published the majority of my work on system calls and user mode hooking. System calls are the standard way to transition from user mode to kernel mode. On Windows, ...
1 year ago Malwaretech.com
Embracing offensive cybersecurity tactics for defense against dynamic threats - In this Help Net Security, Alexander Hagenah, Head of Cyber Controls at SIX, discusses the critical steps in creating effective offensive security operations and their impact on organizational security strategies. The first line of defense is often ...
1 year ago Helpnetsecurity.com
Windows Incident Response: EDRSilencer - Going unnoticed on an endpoint when we believe or feel that EDR is prevalent can be a challenge, and this could be the reason why these discussions have taken hold. If you look at other aspects of EDR and SOC operations, there are plenty of ...
1 year ago Windowsir.blogspot.com Silence
Windows Incident Response: Round Up - MSSQL is still a thingTheDFIRReport recently posted an article regarding BlueSky ransomware being deployed following MSSQL being brute forced. I'm always interested in things like this because it's possible that the author will provide clear ...
1 year ago Windowsir.blogspot.com
Azure MACC Credits Gathering Dust? Use Them to Get the Best Prevention-First Security - As we enter 2024, your organization may have unused MACC or Azure commit-to-consume credits as your annual renewal date draws near. Whether you have credits that will soon expire or are starting to plan your Azure spend for the next 12 months, Check ...
1 year ago Blog.checkpoint.com
Extended Detection and Response (XDR) - CISO Investment Trends - By consolidating telemetry data and applying advanced analytics, XDR enables security teams to prioritize high-fidelity alerts and accelerate incident resolution a critical advantage in an era when median breach costs exceed $4.5 million. Proactive ...
1 month ago Cybersecuritynews.com
Kaspersky Unveils New Flagship Product Line for Business, Kaspersky Next - PRESS RELEASE. Woburn, MA - April 16, 2024 - Today Kaspersky introduced its new flagship product line, Kaspersky Next, combining robust endpoint protection with the transparency and speed of EDR, alongside the visibility and powerful tools of XDR. ...
1 year ago Darkreading.com
What is offensive security? - Offensive security is the practice of actively seeking out vulnerabilities in an organization's cybersecurity. In the past, offensive security referred to methods to actively slow down or to find information about attackers. This is no longer widely ...
1 year ago Techtarget.com
ANY.RUN Unveils Q1 2025 Malware Trends Report - ANY.RUN’s latest malware trends report reveals substantial increases in threat activity across multiple categories, providing critical intelligence for security professionals as cyber threats continue to evolve at an alarming pace. Stealers ...
1 month ago Cybersecuritynews.com
Malicious use of Cobalt Strike down 80% after crackdown, Fortra says | The Record from Recorded Future News - Microsoft, the Health Information Sharing and Analysis Center (Health-ISAC) and Fortra, which bought Cobalt Strike in 2020, have worked since 2023 to address the longstanding issue of pirated and unlicensed versions of the software being downloaded ...
3 months ago Therecord.media
International Operation Takes Down 593 Malicious Cobalt Strike Servers - Law enforcement agencies from around the world have successfully shut down 593 rogue servers running unauthorized versions of Cobalt Strike, a tool often misused by cybercriminals. Cobalt Strike, developed in 2012 by Raphael Mudge and now owned by ...
11 months ago Cybersecuritynews.com
10 Best EDR Tools ( Endpoint Detection & Response) - 2025 - What is good?What Could Be Better ?Provides comprehensive endpoint monitoring.Some users might find the installation and configuration process of the solution tedious.Protect your entire security stack with in-depth threat intelligence.Some users ...
3 months ago Cybersecuritynews.com
Stellar & Blackberry Join to Deliver Open XDR to MSSPs and Enterprise - Stellar Cyber, a Double Platinum 'ASTORS' Award Champion in the 2023 Homeland Security Awards Program, and the innovator of Open XDR, has entered into a new partnership with BlackBerry to deliver a comprehensive threat detection and response solution ...
1 year ago Americansecuritytoday.com PLATINUM
MSSPs: Differentiate your Managed Security Offerings with Cisco XDR - As an MSSP, there is no overstating the intense and well-founded focus on pervasive network security. Whether an organization is looking to secure the network, endpoint, email, cloud, applications, identity, or anything in between, security ...
1 year ago Feedpress.me
Microsoft Defender for Endpoint is Integrated with Check Point Horizon XDR/XPR - Microsoft Defender for Endpoint integrates with Check Point's extended detection and response solution - Horizon XDR/XPR. One-click integration connects the endpoint solution and telemetry is added to the XDR/XPR artificial intelligence driven data ...
1 year ago Blog.checkpoint.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)