BYOSB in 2025: When Trusted Binaries Go Rogue

Skip to content

Our Platform
- XRATOR Operator
- XRATOR AutoComply
Solutions
Our Expertise
- Penetration Test
- Red Team Exercice
Resources
- Resources
  - Col1
    - Blog
      Learn about latest problems in cybersecurity and how it affects you
    - News
      Stay updated with what's new in XRATOR and Cybersecurity world
  - Col2
    - Research
      Dive into insightful white papers, e-books reports and many more
    - Customers
      Explore our Customer Stories and latest updates
- Featured Blog
  - Discover how to empower Chief Information Security Officers (CISOs) and cybersecurity teams with a strategic framework for risk-based cybersecurity, prioritizing vulnerabilities based on business impact. Explore XRATOR Operator, a Risk Orchestration, Automation, and Reporting (ROAR) platform, streamlining efforts for preemptive action and alignment with business goals, ensuring a resilient digital future.
About us
English
- Français
- English

BYOSB/BYOTB in 2025: When Trusted Binaries Go Rogue

A Red Team View on MITRE T1218 Tactics

They did'nt break the system. They used what was already trusted.

In 2025, attackers aren’t just writing malware—they’re borrowing signed binaries to stay invisible.

What’s inside this technical deep dive:

How BYOSB (Bring Your Own Signed Binary) exploits trust in signed tools like node.exe or python.exe
Why MITRE ATT&CK T1218 is now more relevant than ever
Real-world red team insights: fileless execution, low-noise payloads, and EDR evasion
SHA256 hashes, VT scores, and binary behavior analysis included
Key detection and mitigation strategies to defend smarter

For red teamers, threat hunters, and defenders who want to stay ahead of evolving attacker tradecraft.

France

XRATOR SAS
144 rue Paul Bellamy
CS12417
44024 Nantes Cedex 1

Singapore

XRATOR Pte. Ltd.
541 Orchard Road
#09-01 Liat Towers
Singapore 238881

XRATOR® • copyright [2025]

Our Platform
- XRATOR Operator
- XRATOR AutoComply
Solutions
Our Expertise
- Penetration Test
- Red Team Exercice
Resources
- Resources
  - Col1
    - Blog
      Learn about latest problems in cybersecurity and how it affects you
    - News
      Stay updated with what's new in XRATOR and Cybersecurity world
  - Col2
    - Research
      Dive into insightful white papers, e-books reports and many more
    - Customers
      Explore our Customer Stories and latest updates
- Featured Blog
  - Discover how to empower Chief Information Security Officers (CISOs) and cybersecurity teams with a strategic framework for risk-based cybersecurity, prioritizing vulnerabilities based on business impact. Explore XRATOR Operator, a Risk Orchestration, Automation, and Reporting (ROAR) platform, streamlining efforts for preemptive action and alignment with business goals, ensuring a resilient digital future.
About us
English
- Français
- English

Our Platform
- XRATOR Operator
- XRATOR AutoComply
Solutions
Our Expertise
- Penetration Test
- Red Team Exercice
Resources
- Resources
  - Col1
    - Blog
      Learn about latest problems in cybersecurity and how it affects you
    - News
      Stay updated with what's new in XRATOR and Cybersecurity world
  - Col2
    - Research
      Dive into insightful white papers, e-books reports and many more
    - Customers
      Explore our Customer Stories and latest updates
- Featured Blog
  - Discover how to empower Chief Information Security Officers (CISOs) and cybersecurity teams with a strategic framework for risk-based cybersecurity, prioritizing vulnerabilities based on business impact. Explore XRATOR Operator, a Risk Orchestration, Automation, and Reporting (ROAR) platform, streamlining efforts for preemptive action and alignment with business goals, ensuring a resilient digital future.
About us
English
- Français
- English

Manage Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}