Security Boulevard

Won’t Tim Think of the Children? End-to-end encryption battle continues.

The post Apple vs. UK — ADP E2EE Back Door Faceoff appeared first on Security Boulevard.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘RNA’ appeared first on Security Boulevard.

This is the second article of our series about anti-detect browsers. In the first article, we gave an overview of anti-detect browsers, their main features and what they’re used for. In this second article, we do a deep dive into Undetectable, a popular anti-detect browser.

We start by

The post Anti-detect browser analysis: How to detect the Undetectable browser? appeared first on Security Boulevard.

When we founded SpecterOps, one of our core principles was to build a company which brought unique insight into high-capability adversary tradecraft, constantly innovating in research and tooling. We aspired to set the cadence of the cyber security industry through a commitment to benefit our entire security community. Today, I am thrilled to announce that SpecterOps has raised $75 million in Series B funding to further our mission and strengthen our work in solving the complex problems posed by Identity Attack Paths.

We look forward to expanding the reach of BloodHound, our platform for comprehensively identifying and removing Identity Attack Paths and accelerating our contributions to the community through open-source tools and research. As we look to the future, we are growing product engineering and research teams to continue to build out attack path coverage and features in the BloodHound platform, in addition to sales and marketing teams to better serve our customers and the broader security community.

The Series B round was led by global software investor Insight Partners, with participation from Ansa Capital, M12, Ballistic Ventures, Decibel, and Cisco Investments. We are privileged to work with partners that bring strong cybersecurity expertise and, most importantly, they understand the complexity of the problem we are trying to solve. Their support will be invaluable as we continue our growth trajectory.

As corporate systems become more distributed and complex due to cloud adoption and organizational change, Identity Risk becomes increasingly prevalent. Identity services, like Microsoft Active Directory and Entra ID, become pathways into enterprise networks. These environments become extremely challenging to secure against attacks as their complexity enables exponential growth in lateral movement and escalation opportunities which are difficult to detect. Tens of thousands of user accounts and devices across multiple technology stacks, coupled with decades of built-up technical debt and misconfigurations, create Identity Attack Paths that attackers can exploit to turn initial access into complete enterprise takeover.

Strong Identity security, centered through Attack Path Management, significantly constrains attackers’ options as they gain initial footholds into the enterprise, preventing them from attaining their objectives and causing devastating business impacts. Our approach focuses on identifying the Attack Paths that matter most — the “choke points” that lead to high-value assets. Attack Path Management identifies the least disruptive configuration changes that will reduce the most risk. On average, our customers see a 40% reduction in Identity Risk in the first 30 days of implementation.

Since launching BloodHound Enterprise in 2021, SpecterOps has experienced significant growth in company headcount, new customers, and revenue. We received FedRAMP® High Authorization for BloodHound Enterprise in December 2024 and earned CREST accreditation for penetration testing services this January. Within the last year, Kevin Mandia joined us as chair of our Board of Directors, and we launched our fast-growing channel partner program to accelerate adoption of Attack Path Management to combat complex Identity Risk.

Our team exists as a collection of aspirations made real by hard work, but we also exist within the constraints of the society in which we operate. We believe that security is a fundamental right in our increasingly digital world, and our mission is to help organizations protect their most critical assets from sophisticated attackers.

I invite you to join me, along with fellow executives Jared Atkinson and Justin Kohler, for a webinar on “What’s New in BloodHound: Latest Updates and A Look Ahead” at 2 p.m. EDT on Thursday, March 20. Additionally, SpecterOps will host our annual cybersecurity conference SO-CON 2025 March 31-April 1 in Arlington, Virginia. To register for the event, visit https://specterops.io/so-con/.

We feel incredibly grateful for the partners, customers, and friends we have gained throughout our company journey, and we are excited for the next stage in our growth as we continue our work to strengthen Identity security and help organizations better protect themselves in an increasingly complex threat landscape.

Fueling the Fight Against Identity Attacks was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Fueling the Fight Against Identity Attacks appeared first on Security Boulevard.

Properly securing containers has never been easy, but the rise of software supply chain attacks — and new threats coming from AI — makes additional security controls essential. Threats and risks must be identified and addressed before containers are deployed, of course, but because the size and complexity of these virtual, self-contained software applications can grow enormously post-deployment, security efforts must never cease.

The post 7 container security best practices appeared first on Security Boulevard.

In our newest MixMode report, we break down how a critical infrastructure provider uncovered active nation-state and insider threats within three days of deploying our AI-driven security platform.

The post MixMode Uncovers Nation-State Attacks, Insider Threats, and Regulatory Risks in Critical Infrastructure Environment within 3 Days of Deployment appeared first on Security Boulevard.

Author/Presenter: Jeffrey Knockel, Mona Wang

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – War Stories – Breaking Network Crypto In Popular Chinese Keyboard Apps appeared first on Security Boulevard.

Eric Gan, who last month filed a lawsuit against top Cybereason investors for rejecting multiple financing plans, reportedly resigned as the company's CEO after months of turmoil within the cybersecurity company's boardroom.

The post Cybereason CEO Resigns Amid Funding Dispute with Investors appeared first on Security Boulevard.

The massive Eleven11bot has compromised more than 86,000 IoT devices, including security cameras and network video recorders, to launch hundreds of DDoS attacks, and security researchers say the threat actors behind the botnet are trying to grow it even more.

The post Eleven11bot Captures 86,000 IoT Devices for DDoS Attacks appeared first on Security Boulevard.

We’re losing — but it can’t get any worse, right?

LLMs are being used in many ways by attackers; how blind are you?

We’re spending hundreds of billions and losing trillions in cybersecurity. The industry structure is partially to blame. AI is here to help, right? Well, as others have pointed out, AI is being adopted more rapidly by attackers than it is by defenders. With that in mind, I decided to dive into the details. How are attackers using our favorite friends, the LLM? And how is AI enabling more “living on the land” attacks that our existing systems are unable to discern?

In this series, I dive into 5 vectors being enhanced by LLMs. Each post explores why the technique is more effective now and refers to industry and academic research. I also include code examples to make it very concrete for practitioners. This blog examines the first vector: AI-Generated Polymorphic Malware. Subsequent posts will cover Obfuscated Command & Control Channels, AI-Recrafted “Frankenstein” Attacks, and AI-Enhanced Social Engineering & Phishing, before concluding the series by examining how these are all used for sophisticated “living on the land” TTPs and, on an optimistic note, briefly touching upon the use of Collective Defense for Deep Learning. .

Part 1: Polymorphic Malware — Shape-Shifting Attacks

“Polymorphic malware” refers to malicious code that changes its form to evade detection. Historically, malware authors achieved this through packers, obfuscators, or self-modifying code. Now, LLMs help attackers improve polymorphism — automating the generation of malware variants and even producing malicious payloads on the fly. As explained in this darkreading article, AI models can create malware that “contains no malicious code at all” until runtime, making it extremely hard to detect with signature-based or static analysis tools.

AI-Driven Polymorphism Explained

LLMs enable malware to evolve in real time, defeating security solutions that rely on known patterns. For example, researchers found OpenAI’s ChatGPT could write “highly advanced malware that contains no malicious code at all”, instead generating malicious functionality dynamically when needed​.

This means a malware file might appear benign to antivirus scanners and other signature-based approaches, only fetching or creating harmful code via an AI API at runtime. Security firm CyberArk demonstrated exactly this: using ChatGPT’s API from within malware to pull injection code and mutate it on demand​. The result is cheap, easy “ChatGPT polymorphic malware” that poses “significant challenges for security professionals.”​ Each time the malware runs, the code it uses is freshly synthesized and unique, bypassing traditional signature detection.

Migo Kedem (follow this link for their LinkedIn), formerly of SentinelOne and now at CrowdStrike, in an excellent blog introduces a proof-of-concept called BlackMamba that anticipated the use of this approach. BlackMamba is a polymorphic keylogger that uses a benign program to reach out to a cloud AI service, in this case OpenAI, at runtime; it then retrieves malicious code, and executes it in-memory​. By pulling payloads from a trusted AI provider instead of a suspicious server, BlackMamba’s network traffic looks normal — as if the infected system is simply querying an AI model. And because the AI generates a new variant of the payload each time, no two infections look alike on disk​.

BlackMamba was designed to defeat two approaches:

• Static signatures: Since the malware’s code is synthesized dynamically and differently for each run, file hashes and byte signatures are never the same twice. One BlackMamba sample might request the AI to produce a PowerShell snippet for keylogging, and another sample might get equivalent C# code — same behavior, completely different code.
• Network detection: Instead of contacting an obvious command-and-control (C2) server, the malware talks to an API on openai.com — a domain unlikely to be blocked and generally considered safe; note this could be considered an example of living on the land in that they are really just using OpenAI. The AI responses don’t trip typical C2 pattern-matching since they resemble normal API traffic and the conten returned from OpenAIt looks like innocuous text until executed.

Industry experts have taken note of this trend. In early 2023, DarkReading warned that “ChatGPT could usher in a new dangerous wave of polymorphic malware”​

Evidence of Polymorphic Malware

Concrete examples underscore why this technique is important:

• CyberArk’s Polymorphic Malware POC: CyberArk researchers used ChatGPT to generate malware that could morph itself​. The AI produced code for each attack stage, creating injection code and continually mutating it​. This experiment showed that even less-skilled threat actors could leverage an LLM to produce malware that evades EDR and AV.
• ChatGPT-Based Mutation Services: By mid-2023, underground forums began discussing and advertising custom AI models like WormGPT and FraudGPT fine-tuned for malicious tasks. These models allow attackers to bypass the ethical filters of ChatGPT and freely generate malware and malicious macros. Mandiant reported that North Korea’s APT43 even purchased access to WormGPT in 2023​, indicating serious interest in AI-assisted malware development by nation-states.
• This Github repository on the use of AI by Attackers started by Rachel James (follow link to their LinkedIn) is one of the best I have found in tracking this emerging domain. Please add any pointers you’ve found below.

Code Example: Malware That Writes Itself Using an LLM

To illustrate how an attacker might implement this sort of polymorphic behavior, consider this Python pseudo-code. As you can see, the snippet uses an AI model to generate a malicious function at runtime and executes it:

import base64

import openai # hypothetical library for AI API

# 1. Define a prompt to request malicious code (e.g., a keylogger) from the LLM

prompt = (

“You are a helpful coding assistant. Please provide a Python function called “

“‘steal_keystrokes’ that reads pressed keys and sends them as base64 to a server. “

“Do not include any explanations, just provide the code.”

)

# 2. Call the LLM API to generate the code

response = openai.Completion.create(model=”LLM-of-choice”, prompt=prompt)

malicious_code = response[‘choices’][0][‘text’]

# 3. For added polymorphism, mutate the code slightly (e.g., random variable names)

# (In practice, we could prompt the LLM again to obfuscate or rename variables)

# 4. Execute the generated code dynamically

exec(malicious_code)

# Now the steal_keystrokes function is defined in memory and can be invoked,

# accomplishing the malicious behavior without ever writing static malicious code to disk.

steal_keystrokes()

As you can see:

• Step 1, the malware crafts a prompt asking the LLM for a specific malicious function
• Step 2, it gets back code, for example a function that uses keyboard hooks.
• Step 3, it executes that code within its process.

Notice that the malicious logic (the steal_keystrokes function) never existed in the source code — it was created at runtime. The attacker can tweak the prompt or use a slightly different mode each time it runs, yielding a variation in the code such as different function names, logic structure, encoding, and so on. This dynamic code generation defeats file-based detection and makes each instance unique.

Such polymorphic techniques can also be combined with encryption or encoding. For example, the malware could ask the LLM to return the payload in base64, as shown above, or another encoding, then decode and execute — further obscuring the content from scanners.

Why Traditional Security Struggles to Detect It

Conventional cybersecurity defenses are challenged on multiple fronts by AI-generated polymorphic malware:

• Signature Evasion: Signatures such as known byte patterns and YARA rules are ineffective when each malware instance is one-of-a-kind. Even heuristic rules looking for certain code structures can be fooled because an AI can implement the same behavior in novel ways. As one report put it, “new variants…maintain the same behavior…while almost always having a much lower malicious score” in scanners​.
  thehackernews.com
• Behavioral Detection Limits: Behavior-based monitoring, which is typically looking for actions like file encryption, suspicious process injection and so on, is still useful, however sophisticated AI malware might perform those actions in bursts or embed them in normal-looking processes. What is more, if the AI code is fetched just-in-time, by the time the malicious action occurs, it might be too late for preventative controls to react.
• Living-off-the-Land: Many AI-assisted attacks use legitimate tools and channels — such as using the OpenAI API in our example. This blends malicious actions with normal operations. Security tools that allow or ignore trusted processes — such as a signed binary making an outbound HTTPS connection- will not see anything malicious about the call to an AI service. One key implication — it is important to be aware of brittle telemetry, which cements your inability to see potentially malicious behavior; be thinking about how to future-proof your telemetry to prepare for approaches that make use of a greater breadth of increased information. We’ve heard engineering teams in larger enterprises considering this when they invest in Snowflake and internal security datalakes and systems to adapt their telemetry such as Cribl or in-house developed equivalents.
• Volume and Speed: AI can allow a single attacker to quickly generate thousands of malware variants. This overwhelms defenders’ ability to triage alerts or produce counter-signatures, and we have seen behavior that suggests attackers are well aware of how this can overwhelm a SOC. The same approach also degrades traditional machine learning — by flooding them with variants, attackers can confuse or evade these models​.

As highlighted in this article (thehackernews.com) Palo Alto’s Unit 42 used an LLM to iteratively rewrite a known malicious script and managed to flip their own ML-based malware classifier verdict from malicious to benign 88% of the time​.

Traditional defenses, which rely on catching known bad indicators or very overt violations of behavioral patterns, cannot keep up with this AI-fueled mutation cycle.

So — how bad can it be?

In a future post, I’ll talk about how and why DeepTempo and other approaches are being adopted to counter polymorphic attacks. In this post — hopefully I made the threat more real and shared some context we all need to counter this all too real threat.

Up Next: In Part 2, I examine how attackers also use LLMs to better connect with Command and Control — C2 — systems. I foreshadowed these techniques a bit in today’s blog. Please stay tuned and provide any feedback you might have on this blog and series. What else would you like to understand better? Am I going to the right level of depth? What am I misunderstanding here or poorly explaining?

Thank you for reading and for your suggestions.

We’re losing — but it can’t get any worse, right? was originally published in DeepTempo on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post We’re losing — but it can’t get any worse, right? appeared first on Security Boulevard.

AI is a Necessity, But a Chief AI Officer Might Not Be Feasible Artificial Intelligence (AI) is transforming industries, optimizing operations, and redefining how businesses...Read More

The post If Businesses Can’t Afford a Chief AI Officer? Here’s the Alternative Way appeared first on ISHIR | Software Development India.

The post If Businesses Can’t Afford a Chief AI Officer? Here’s the Alternative Way appeared first on Security Boulevard.

In 2024, approximately 183,000 customers worldwide were affected by supply chain attacks. In terms of frequency, the software supply chain experienced one attack every 48 hours. Surprisingly, India is among the most targeted countries, along with the USA, UK, Australia, Japan, and Germany. Manufacturing, healthcare, defense, and aerospace are among the most targeted sectors. Among […]

The post Why Supply Chain Attacks Are The Biggest Threat To Businesses? appeared first on kratikalsite.

The post Why Supply Chain Attacks Are The Biggest Threat To Businesses? appeared first on Security Boulevard.

Today’s technology-driven world needs Software-as-a-Service (SaaS) organizations. Their software solutions help organizations perform effectively and efficiently. SaaS applications are easily available over the internet. It allows users to access them via a web browser without requiring complex installations or infrastructure. With 42,000 SaaS companies worldwide, it makes up 36.6% of the cloud service market. The […]

The post Top 7 Cyber Security Challenges Faced by SaaS Organizations appeared first on kratikalsite.

The post Top 7 Cyber Security Challenges Faced by SaaS Organizations appeared first on Security Boulevard.

Red teaming is like staging a realistic rehearsal for a potential cyber attack to check an organization’s security resilience before they become actual problems. The exercise has three key phases: getting inside the system, maintaining their presence undetected, and acting to achieve their goals. The job is to test an organization’s defenses, challenge security assumptions, […]

The post What is Red Teaming? appeared first on kratikalsite.

The post What is Red Teaming? appeared first on Security Boulevard.

In 2025, the cost of cyberattacks will reach $10.5 trillion globally. The projected growth rate is 15% every year. While the cost of attack keeps increasing, a breach is now identified in 194 days on average. It takes 64 days to contain a breach and 88 days on average to resolve an attack facilitated through […]

The post What is the Process of ISO 27001 Certification? appeared first on kratikalsite.

The post What is the Process of ISO 27001 Certification? appeared first on Security Boulevard.

Discussing the challenges, risks and solutions for businesses integrating payroll software and systems for seamless efficiency.

The post Integrating Payroll Systems: Risks, Challenges, and Solutions appeared first on Security Boulevard.

APIs (Application Programming Interfaces) have become the backbone of modern software, enabling seamless communication between applications and services with efficiency and simplicity. As APIs play an increasingly vital role in today’s digital ecosystem, ensuring their security is more critical than ever. A key aspect of the Software Development Life Cycle (SDLC) is API Pentesting. This […]

The post Role of AutoSecT in API Pentesting appeared first on kratikalsite.

The post Role of AutoSecT in API Pentesting appeared first on Security Boulevard.

The world we live in today seeks precise and instant solutions. The same is true when finding vulnerabilities that might remain hidden within an organization’s assets. This blog discusses the best VMDR and pentesting tools that help find vulnerabilities fast and are accurate in their findings. Additionally, there are multiple factors that need to be […]

The post Best VMDR and Pentesting Tool: 2025 appeared first on kratikalsite.

The post Best VMDR and Pentesting Tool: 2025 appeared first on Security Boulevard.

Web-based attacks are becoming increasingly sophisticated, and payment parameter tampering stands out as a silent yet potent threat. This attack involves manipulating parameters exchanged between the client and server to alter sensitive application data, such as user credentials, permissions, product prices, or quantities. The data targeted in parameter tampering is typically stored in cookies, hidden […]

The post What is Payment Parameter Tampering And How to Prevent It? appeared first on kratikalsite.

The post What is Payment Parameter Tampering And How to Prevent It? appeared first on Security Boulevard.

Gap Analysis within the Software Development Life Cycle (SDLC) involves identifying insufficient security measures, and compliance shortcomings throughout the software development process, from start to finish. It is to ensure that proper security needs are implemented from the initial design stages to deployment and maintenance. Ignoring SDLC gaps can cause project failures with catastrophic consequences. […]

The post SDLC Gap Analysis: Requirement For Organization appeared first on kratikalsite.

The post SDLC Gap Analysis: Requirement For Organization appeared first on Security Boulevard.