A novel evasion GhostTree technique exploits NTFS junctions to create recursive directory loops. Uncovered by Varonis Threat Labs, this trap uses Endpoint Detection and Response (EDR) scanners to create infinite paths, causing them to hang indefinitely and ignore malicious payloads sitting in plain sight. NTFS junctions function as advanced shortcuts that seamlessly redirect applications from […]
The post GhostTree Attack Causes EDR Tools to Hang, Skip File Scans appeared first on Cyber Security News.