New GhostTree Attack Causing EDR Products to Hang and Leave Files Unscanned
Source: Cybersecuritynews
Published:
<p>A novel evasion technique called GhostTree, which exploits NTFS junctions to create recursive directory loops. Uncovered by Varonis Threat Labs, this method traps Endpoint Detection and Response (EDR) scanners in infinite paths, causing them to hang and ignore malicious payloads. NTFS junctions f