Cortex XDR Live Terminal Abuse Lets Hackers Use EDR for Stealthy C2 Control
VPN Central [Unofficial]
February 26, 2026
Hackers can hijack Palo Alto Networks’ Cortex XDR Live Terminal feature for command-and-control communications. The trusted EDR tool runs attacker commands without detection. InfoGuard Labs states: “No command signing allows WebSocket redirection to attacker servers.” Live Terminal lets admins run PowerShell, Python, and file operations remotely over a WebSocket to the Palo Alto cloud. Attackers exploit the missing validation. […]
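As an added illustration (not Cortex XDR's or InfoGuard Labs' code, and not a description of Palo Alto's actual Live Terminal protocol), the Python model below shows the two controls the quoted finding turns on: an agent that pins the WebSocket gateway it will accept a session from, and per-command signing with a nonce and timestamp so a redirected or replayed command is refused before it reaches PowerShell or Python. The gateway hostname, the shared signing key and the message layout are constructed for the demonstration; execution is simulated by recording the command rather than running it.

```python
"""Model of an EDR remote-shell channel with endpoint pinning and per-command
signing. Added illustration; it is not Cortex XDR's protocol or code."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional
from urllib.parse import urlparse

# Constructed values for the demonstration; a real agent would ship a pinned
# gateway list and hold a tenant- or agent-specific key.
TRUSTED_WS_HOSTS = {"live-terminal-gateway.example-edr.invalid"}
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"
MAX_CLOCK_SKEW = 300  # seconds a command may be in flight before it is stale


def canonical_bytes(cmd: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    body = {k: v for k, v in cmd.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_command(cmd: dict, key: bytes = SIGNING_KEY, now: Optional[float] = None) -> dict:
    """Console side: attach a nonce, a timestamp and an HMAC over the whole command."""
    signed = dict(cmd)
    signed["nonce"] = secrets.token_hex(16)
    signed["issued_at"] = int(now if now is not None else time.time())
    signed["sig"] = hmac.new(key, canonical_bytes(signed), hashlib.sha256).hexdigest()
    return signed


class AgentCommandChannel:
    """Agent side: talks only to pinned gateways and runs only signed, fresh commands."""

    def __init__(self, ws_url: str, trusted_hosts=TRUSTED_WS_HOSTS, key: bytes = SIGNING_KEY):
        self.ws_url = ws_url
        self.trusted_hosts = trusted_hosts
        self.key = key
        self.seen_nonces: set = set()
        self.executed: list = []  # commands the agent would hand to PowerShell/Python

    def endpoint_is_trusted(self) -> bool:
        """Pinning check: TLS WebSocket to a known gateway host, nothing else."""
        u = urlparse(self.ws_url)
        return u.scheme == "wss" and u.hostname in self.trusted_hosts

    def verify(self, msg: dict, now: Optional[float] = None):
        """Return (accepted, reason); checks endpoint, fields, MAC, freshness, replay."""
        now = now if now is not None else time.time()
        if not self.endpoint_is_trusted():
            return False, "websocket endpoint not in pinned gateway list"
        for field in ("command", "nonce", "issued_at", "sig"):
            if field not in msg:
                return False, f"missing field {field}"
        expected = hmac.new(self.key, canonical_bytes(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["sig"]):
            return False, "bad signature"
        if abs(now - msg["issued_at"]) > MAX_CLOCK_SKEW:
            return False, "stale command"
        if msg["nonce"] in self.seen_nonces:
            return False, "replayed nonce"
        return True, "ok"

    def handle(self, msg: dict, now: Optional[float] = None) -> bool:
        """Execute (here: record) the command only if every check passes."""
        ok, _reason = self.verify(msg, now)
        if ok:
            self.seen_nonces.add(msg["nonce"])
            self.executed.append(msg["command"])
        return ok


def demo() -> dict:
    """Exercise the channel: legitimate command, replay, tampering, missing
    signature, stale timestamp, and a session redirected to an unpinned host."""
    t = 1_700_000_000  # fixed clock so the run is reproducible
    agent = AgentCommandChannel("wss://live-terminal-gateway.example-edr.invalid/session")
    cmd = sign_command({"command": "Get-Process", "session": "s1"}, now=t)
    results = {"signed": agent.handle(cmd, now=t)}
    results["replay"] = agent.handle(cmd, now=t)
    results["tampered"] = agent.handle(dict(cmd, command="Get-Service"), now=t)
    results["unsigned"] = agent.handle({"command": "Get-Service", "session": "s1"}, now=t)
    results["stale"] = agent.handle(sign_command({"command": "Get-Service"}, now=t - 3600), now=t)
    redirected = AgentCommandChannel("wss://unpinned-relay.invalid/session")
    results["redirected"] = redirected.handle(sign_command({"command": "Get-Process"}, now=t), now=t)
    results["executed"] = list(agent.executed)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The redirected case is the one the finding describes: even a correctly signed command is dropped when the socket does not terminate at a pinned gateway, and without a per-command MAC the tampered and unsigned cases would be indistinguishable from operator input. On the detection side, an agent built this way can log each rejection reason, which gives SOC teams a concrete signal for Live Terminal sessions that originate from unexpected endpoints.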
The post Cortex XDR Live Terminal Abuse Lets Hackers Use EDR for Stealthy C2 Control appeared first on VPN Central.