Zombie ZIP: How Malformed Archives Can Hide Malware from Security Scanners

A new archive-manipulation technique called “Zombie ZIP” lets attackers conceal payloads inside ZIP files in a way that can evade many antivirus and endpoint detection solutions. The method was described by security researcher Chris Aziz of Bombadil Systems and has drawn warnings from CERT/CC and the wider security community. This post explains how Zombie ZIP works, what research and evidence

Microsoft Adds Native System Monitor (Sysmon) Support to Windows 11

Microsoft has begun shipping System Monitor (Sysmon) as a native, opt-in capability in Windows 11 preview builds. This change moves a widely used, high-fidelity endpoint telemetry tool from an optional Sysinternals download to an OS-managed feature. For security teams, IT operations, and incident responders, native Sysmon promises simpler deployment, stronger integration with Windows management channels, and a more consistent telemetry