Tag

Tunneling

4 briefs RSS

Potential Protocol Tunneling via Cloudflared

Adversaries may abuse Cloudflare Tunnel (cloudflared) on Windows systems to proxy command and control traffic or exfiltrate data through Cloudflare's edge, evading direct connection blocking.

M365 Defender +1 cloudflare tunneling command and control proxy

2r 2t 1i May 5, 2026

critical threat

Warlock Group Deploys Web Shells, Tunnels, and Ransomware

2 rules 4 TTPs

The Warlock group utilizes web shells and tunneling to deploy ransomware within compromised environments, impacting victim data confidentiality and availability.

Warlock webshell ransomware tunneling

2r 4t Mar 19, 2026

medium advisory

Potential Cloudflared Network Tunnel Detection

2 rules 1 TTP

This brief detects network connection events associated with the Cloudflared tool, used to create tunnels via Cloudflare, potentially for unauthorized access or exfiltration, by establishing outbound connections to Cloudflare Edge Servers.

Cloudflared +3 reverse-proxy tunneling network-tunnel

2r 1t Jan 3, 2024

medium advisory

Potential Protocol Tunneling via Yuze

2 rules 3 TTPs

This alert detects potential protocol tunneling activity via the execution of Yuze, a lightweight open-source tunneling tool often used by threat actors for intranet penetration via forward and reverse SOCKS5 proxy tunneling.

Defender XDR +2 command-and-control tunneling yuze proxy

2r 3t Jan 2, 2024