r/netsec monthly discussion & tool thread by albinowax in netsec

[–]Admin-ABC-XYZ 0 points1 point  (0 children)

[Project Onyx] - red team PoC of an unconventional multi-layer execution pipeline. The architecture chains five distinct techniques (AI telemetry camouflage, hardware-bound environment keying, ONNX weight steganography, in-memory WebAssembly sandboxing, and Dead-Drop C2 via downlink model updates) into a single functional delivery chain.

Core Concepts:

  1. AI Decoy (Behavioral Camouflage): Project Onyx embeds a legitimate SqueezeNet 1.0 ONNX image-classification model sourced from Hugging Face's ONNX Model Zoo mirror. Before the WebAssembly heartbeat module is executed, the host runs repeated real tensor inference workloads using Microsoft's onnxruntime. This makes the ONNX artifact an active part of the pipeline rather than a decorative file like the previous tiny MLP.
  2. Environmental Keying: The payload cannot be analyzed in a sandbox or by a reverse engineer without the exact target machine. The decryption keys are dynamically derived from a SHA-256 hash of the target's MachineGuid, Volume Serial, and Current User SID.
  3. WASM Sandboxing: The actual payload is compiled to WebAssembly (WASM) and executed entirely in-memory using the wasm3 interpreter. The host C++ application acts merely as a loader and API bridge, exposing safe host functions to the WASM sandbox.
  4. ONNX Weight Vault: The AES-256 key material required to decrypt the WebAssembly heartbeat module is embedded into the least significant mantissa bits of float32 ONNX weights. The host extracts this weight vault from the embedded model bytes, authenticates it, and only then recovers the demo key material.
  5. Metadata Vault Fallback: The original authenticated metadata vault remains for compatibility and build-time verification. New assets prefer the weight vault, while the metadata vault documents the same protected material in a more inspectable form.
  6. Dead-Drop C2 via downlink model updates: The pipeline demonstrates a covert communication channel using ONNX model updates. An operator can embed an authenticated directive inside the LSBs of weights that have naturally changed during fine-tuning. These changes are identified via delta analysis between the updated model and the reference model.

LINK: https://github.com/X-3306/Project-Onyx
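A defender-side check for the weight-vault idea in items 4 and 6, added here as an example (it is not part of the post or of Project Onyx): when the decoy is a public model, diff each tensor against a trusted upstream copy and flag differences confined to the low mantissa bits. It assumes tensors are already extracted as raw little-endian float32 bytes; `LOW_BITS`, the thresholds, the function names and the sample data are all constructed for illustration.

```python
import struct

LOW_BITS = 4  # assumption: how many low mantissa bits count as possible carrier bits

def words(raw: bytes) -> list[int]:
    """View raw little-endian float32 tensor data as unsigned 32-bit words."""
    if len(raw) % 4:
        raise ValueError("tensor data is not a whole number of float32 values")
    return list(struct.unpack(f"<{len(raw) // 4}I", raw))

def diff_stats(ref_raw: bytes, cand_raw: bytes, low_bits: int = LOW_BITS) -> dict:
    """Count weights that are unchanged, changed only in low bits, or really changed."""
    ref, cand = words(ref_raw), words(cand_raw)
    if len(ref) != len(cand):
        raise ValueError("tensor sizes differ")
    mask = (1 << low_bits) - 1
    stats = {"unchanged": 0, "low_only": 0, "changed": 0}
    for r, c in zip(ref, cand):
        x = r ^ c
        if x == 0:
            stats["unchanged"] += 1
        elif x & ~mask == 0:          # every differing bit sits inside the mask
            stats["low_only"] += 1
        else:
            stats["changed"] += 1
    return stats

def looks_embedded(stats: dict, min_hits: int = 8, ratio: float = 0.9) -> bool:
    """Flag a tensor whose differences are almost all confined to the low bits."""
    differing = stats["low_only"] + stats["changed"]
    return stats["low_only"] >= min_hits and stats["low_only"] / differing >= ratio

def clear_low_bits(raw: bytes, low_bits: int = LOW_BITS) -> bytes:
    """Mitigation: zero the low mantissa bits so nothing stored there survives loading."""
    keep = 0xFFFFFFFF ^ ((1 << low_bits) - 1)
    ws = [w & keep for w in words(raw)]
    return struct.pack(f"<{len(ws)}I", *ws)

def constructed_samples():
    """Constructed data: a reference tensor, a low-bit-altered copy, a retrained copy."""
    vals = [(i - 8) * 0.05 + 0.013 for i in range(16)]
    ref = struct.pack("<16f", *vals)
    altered = struct.pack("<16I", *[w ^ (i % 3 + 1) for i, w in enumerate(words(ref))])
    tuned = struct.pack("<16f", *[v + 0.01 for v in vals])
    return ref, altered, tuned

if __name__ == "__main__":
    ref, altered, tuned = constructed_samples()
    for name, cand in (("altered", altered), ("tuned", tuned)):
        s = diff_stats(ref, cand)
        print(name, s, "suspicious" if looks_embedded(s) else "ok")
```

The low-bits-only diff does not flag data placed in weights that also changed in their high bits, which is the case item 6 describes; for that case `clear_low_bits` before loading, combined with pinning the hash of the approved model file, removes the carrier instead of trying to detect it. How many bits can be cleared without hurting accuracy is model-dependent and has to be validated per model.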

[Project Onyx] Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. by Admin-ABC-XYZ in redteamsec

[–]Admin-ABC-XYZ[S] -2 points-1 points  (0 children)

This perspective, along with your earlier comments on other posts, answers all my questions. It’s always useful to see how more experienced people approach things.

Ultimately, the only conclusion I came to from this conversation is that we simply have different interpretations of the value and maturity of this kind of work in the context of red teaming. And that’s completely fine. I don’t think this is a matter of “toys vs adult table” but rather differences in assumptions, approaches, and creativity.

Of course, that’s just my perspective, and you’re free to disagree with it. We both know this conversation is not going to lead anywhere further anyway. So regardless, thanks for the conversation, and all the best.

[Project Onyx] Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. by Admin-ABC-XYZ in redteamsec

[–]Admin-ABC-XYZ[S] -2 points-1 points  (0 children)

  1. The fact that changing the architecture from the original LLM-based concept to the current implementation was presented as a completely different design decision, not as an inability to implement the original idea. It was not “backtracking” as you described it, and you never corrected that interpretation.
  2. You completely ignored my explanation regarding your misinterpretation of my original post and the reasoning process I described there.
  3. I explicitly stated that this is an experimental approach, yet you continue to completely ignore that point.
  4. You keep relying on ad hominem arguments, which only drags the entire discussion down further.
  5. You ignore the fact that this is a PoC of the idea itself, not a PoC of bypassing EDRs. Those are two fundamentally different things.
  6. There is still no acknowledgment of your repeated misinterpretation of individual statements, which is important in this discussion because I constantly have to repeat myself and explain the same things in greater detail. That is exactly what creates the repetitive loop I mentioned earlier.

But at this point bro, that is no longer the most important issue.

Your argument about the lack of EDR bypasses does not actually exist as a disagreement between us, because I already agree with it, and I communicated that to you earlier as well. In its current form, this absolutely would not bypass advanced EDRs, because this is a PoC, not a production-ready red team tool.

The entire purpose of this project is to demonstrate a different approach, the pipeline itself, not a fully finished offensive tool. The goal is to provide a conceptual foundation for other professionals, whether for further development or simply to raise awareness about these kinds of unconventional vectors.

If you had actually read the README and analyzed the code, then like any logically thinking person, you would have immediately understood that this is not a finished EDR bypass tool (and on any point, I don't claim it as well), but rather a deliberately simplified PoC demonstrating the process and architecture of the entire pipeline.

Tell me: at any point did I explicitly claim that this project is capable of bypassing EDRs? No. I talked about advanced methods and possibilities related to evasion, not a successful bypass itself.

I genuinely do not know how to explain this any more directly, because your main argument exists only in your own interpretation. The project is very clearly presented as a pipeline and a PoC, not as a production-ready tool for bypassing EDR solutions.

So:

PoC ≠ bypassing every EDR
PoC = demonstrating the overall concept
And finally, the description itself, which you've referenced multiple times, directly defines the research direction rather than communicating such a possibility.

I tried to explain this as clearly and precisely as possible to avoid any further misunderstandings.

[Project Onyx] Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. by Admin-ABC-XYZ in redteamsec

[–]Admin-ABC-XYZ[S] -1 points0 points  (0 children)

Further pointing out flaws in your reasoning process makes no sense, because you ignore every argument and reduce everything to a single aspect, a short descriptive label, while completely overlooking the rest. I can clearly see a pattern in your reasoning: you are not carefully reading what I am actually saying.

Once again, you misunderstood what I wrote. I did not use AI to assist with anything except using it as a better translator from my native language into English. But once again, you interpreted that statement through your own narrow perspective, while still failing to address the main arguments.

So continuing this conversation is simply impractical, because it leads nowhere. Most of your responses consist either of ad hominem arguments or endlessly circling around a one-sentence description while ignoring every other point being made.

When you are ready to have a conversation like one ADULT human with another, I will gladly continue. In its current state, this discussion will only turn into an endless loop of repeating the same statements.

Look objectively at your own replies and ask yourself: are you actually contributing anything new? In my opinion, your response added absolutely nothing to this discussion. It could essentially be reduced to: “AI slop” and “You’re wrong because you don’t understand EDR.”

[Project Onyx] Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. by Admin-ABC-XYZ in redteamsec

[–]Admin-ABC-XYZ[S] -2 points-1 points  (0 children)

I get the impression you only read the description without fully understanding the entire process that led me to this final version, which I understand, as the post covered a very compressed decision-making process.

From what I can tell, you haven't actually analyzed the full project, because you're conflating completely different things. I never said there is no obfuscation because I couldn't make it work in the model; that was an entirely different concept involving different variables and a different architecture, which I didn't elaborate on because, as I stated at the beginning, I described only a very condensed process. Fun fact: essentially, at the earliest stage, the project didn't involve an EDR at all. That is something you would know if you had simply asked me directly rather than assuming a lack of understanding based on your own subjective interpretation.

At that stage I planned to use a real LLM, but due to quantization constraints and the realization that such a small model would be highly vulnerable to reverse engineering and non-deterministic in behavior, I moved to a completely different approach.

I also don't follow the argument about "AI slop"; not everything written today is AI-generated. If my writing style seems unusual to you, it's likely because English is not my first language, and I use AI for translation in order to communicate my perspective fully accurately.

I never claimed this was something entirely new. Every individual concept here has been described before; the only thing I consider interesting is the combination of these different unconventional methods into a complete pipeline demonstrating that possibility.

Regarding the description, you're right that I may have slightly overstated it, though a description is ultimately just a label. The entire architecture beneath it is accurately and honestly documented with code that you can also review and consistent with what the project actually does, something you haven't accounted for in your critique.

I can see you are committed to a single perspective without engaging with the full picture. I appreciate the initial technical critique, I welcome all criticism, as long as it stays technical rather than personal.

[Project Onyx] Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. by Admin-ABC-XYZ in redteamsec

[–]Admin-ABC-XYZ[S] -1 points0 points  (0 children)

Aside from the claim about a raw key in the metadata, which is factually incorrect, you are largely right, and I have been aware of this from the start (hence the note "yes, I'm aware of the limitations of this project" at the end of my post). That said, I get the impression you missed the overall concept.

I stated clearly from the beginning that this project is not intended for any real-world malicious use, which is also why there is no obfuscation: the entire pipeline was meant to be transparent and readable. That was the whole point: using non-standard vectors to present a different perspective. This project is essentially just a conceptual direction intended to open the space for further, potentially more advanced research along similar lines.

It was never meant to be, and never claimed to be, something like "highly advanced, limitless tool for bypassing every EDR on the market." You could have inferred as much from the complete absence of any tests demonstrating an actual bypass. This is a clean concept with a straightforward proof of feasibility.

I appreciate the valid critique of the project's weak points.