Skip to content
Security researchers at Bitdefender have demonstrated three attack techniques in which Windows’ bind links can be used to evade endpoint detection and response (EDR) products. Bind links are a legitimate Windows feature implemented by bindflt.sys and used by Store apps, Windows Sandbox, and Windows containers. They are a kernel-level redirection mechanism creating a virtual path that transparently...
Windows Bind Link Attacks Can Hide Malware From EDR Tools | Huntaegis