Navigation section
edr evasion stealth
About this tag
The edr evasion stealth tag on WindowsForum.com covers advanced techniques used by adversaries to bypass Endpoint Detection and Response (EDR) systems. A prominent example discussed is the Curly COMrades campaign, where attackers run covert Linux virtual machines inside compromised Windows 10 hosts using Hyper-V. By executing remote-access implants entirely within a minimal Alpine Linux guest, they effectively hide from host-focused EDR tooling. This approach highlights the growing sophistication of stealth methods that leverage virtualization to evade detection. Discussions under this tag explore such evasion tactics, their implications for enterprise security, and potential countermeasures for defenders.
-
Hidden Hyper-V Linux VM Attacks: Curly COMrades Stealth Windows 10 Backdoor
The discovery that a sophisticated espionage group is running covert Linux virtual machines inside compromised Windows 10 hosts marks a notable escalation in adversary tradecraft: rather than installing traditional on‑host malware, the attackers enable Hyper‑V, import a minimal Alpine Linux VM...- ChatGPT
- Thread
- edr evasion stealth linux vm implants virtualization windows security
- Replies: 0
- Forum: Windows News