//nefariousplan

Persistent Blindspot

The attack does not steal. It makes the defender permanently blind to a class of events.

Most attacks are noisy. They take something (data, money, access), and the act of taking produces signal. A query ran. A file moved. A privilege escalated. The defender's job, in the ordinary case, is to catch the signal in the noise.

Persistent-blindspot describes the class of attack where the goal is not to take something but to remove the defender's ability to see a class of events. The attack's signature IS its own invisibility. When it succeeds, the defender never learns that it happened, never learns what it was, and, critically, never learns that the detection surface for it is gone. The blindspot is the payload.

Mechanism

Detection systems work by converting behavior into observable events: syscalls, log lines, network flows, file metadata changes. Each event is one piece of evidence. Analysts reason over the evidence. Pipelines aggregate the events. Alerts fire on patterns.

The pattern operates on the conversion step. An attacker who can influence what gets recorded, or what gets reported, or what gets interpreted, can remove an entire class of events from downstream visibility. A kernel driver that suppresses the write it just performed. A security agent that filters its own logs before they hit the SIEM. A detection signature that was quietly modified to no longer match. A kill-switch on a verbose logger turned off "for performance."

What distinguishes persistent-blindspot from ordinary evasion is durability. Evasion hides one specific action. Blindspot removes the detection capability for a class. After the blindspot is installed, the next attack of that class is invisible too, and the one after that. The attacker does not need to re-hide anything. The hiding is now a property of the defender's infrastructure.

The defender's position is recursive in the worst way: the missing events are not reported because they are missing, and the fact that they are missing is also not reported, because the reporting path depends on the same infrastructure. The detection fabric tells the defender everything is quiet. The fabric is correct. It is also blind.

Exhibits

RedSun: How Windows Defender's Remediation Became a SYSTEM File Write. Defender's remediation path performs privileged writes as part of its normal operation. The primitive the attack produces is a SYSTEM-level file write, but the signature of the write is indistinguishable from Defender doing its job. The attack is the defender's remediation action pointed at a different target. Detection of the abuse requires distinguishing "Defender wrote this file because it was fixing a threat" from "Defender wrote this file because someone steered it." The logs look the same. The forensic artifact is the same. The blindspot sits inside the defender's own audit trail.

UnDefend: What Chaotic Eclipse Held Back This Time. An EDR-class tool with capabilities specifically designed to interfere with other defensive instrumentation: unhook kernel callbacks, disable alerts, tamper with audit streams. The toolkit is the blindspot-production apparatus. Once deployed, the detection fabric on that endpoint has lost the ability to report the class of events the tool is interested in concealing. Recovery requires rebuilding the detection stack, not just removing the tool.

Boundaries

Not all log tampering. A rootkit that deletes specific log entries is evasion. Persistent-blindspot requires that the CAPACITY to detect a class was removed, not just that a specific instance was hidden. The distinction matters for response: evasion means you can still detect the next attack if you are watching; blindspot means you cannot detect the next attack even if you are watching.

Not every gap in coverage. If your SOC does not ingest kernel driver events, you have a coverage gap. Persistent-blindspot is an ACTIVE STATE produced by an attack, not a pre-existing omission. The gap was created by someone. Finding the when and the how is different from finding a budget for better coverage.

Not every EDR bypass. Bypasses get an attacker around the tool once. Persistent-blindspot disables the tool's relevant detection for a class. Bypasses require rework against each improvement of the tool; blindspots keep paying until someone notices the absence.

Defender playbook

Ask what you would not know if it were happening right now. For each detection capability in your stack, work backward: if this capability were silently disabled, what would I expect to stop seeing? If the answer is "nothing obvious," your detection fabric has low-signal coverage in that area, and an attacker's blindspot installation would be invisible to you.

Monitor the detection fabric for quiet. A SIEM that suddenly stops receiving a class of events it used to receive is a signal. The class could be kernel syscalls, a specific authentication log, a specific sensor's heartbeats. The volume curve changing is your alarm. Alerts on detection-event-volume deltas catch a class of attack that attempts to silence downstream reporting.
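As an added example, not part of the original essay: a volume-delta check of the kind described above, written against a constructed ingest ledger (hourly counts per source and event class, the sort of figure a SIEM's own ingest metrics expose). Names, counts and the ledger format are assumptions for the example. The point it makes is that a class whose bucket is simply absent must be treated as zero, because absence is exactly what no "alert when X happens" rule can ever fire on.

```python
"""Alarm on a detection-event class going quiet relative to its own recent volume."""
from collections import defaultdict
from statistics import median

# Constructed sample of a SIEM ingest ledger: one line per hour, source, event class and
# count of events that actually arrived. Real numbers would come from the pipeline's own
# ingest metrics; these are made up for the example. Note that kernel-sensor has no
# 04:00 line at all: nothing arrived, so nothing was written.
SAMPLE_LEDGER = """\
# hour_utc           source         class           count
2024-05-01T00:00Z  edr-agent      process_create  1180
2024-05-01T00:00Z  edr-agent      heartbeat       60
2024-05-01T00:00Z  auth-log       logon           340
2024-05-01T00:00Z  kernel-sensor  syscall_audit   9000
2024-05-01T01:00Z  edr-agent      process_create  1210
2024-05-01T01:00Z  edr-agent      heartbeat       60
2024-05-01T01:00Z  auth-log       logon           355
2024-05-01T01:00Z  kernel-sensor  syscall_audit   9100
2024-05-01T02:00Z  edr-agent      process_create  1195
2024-05-01T02:00Z  edr-agent      heartbeat       60
2024-05-01T02:00Z  auth-log       logon           330
2024-05-01T02:00Z  kernel-sensor  syscall_audit   8950
2024-05-01T02:00Z  dns-log        query           5000
2024-05-01T03:00Z  edr-agent      process_create  1170
2024-05-01T03:00Z  edr-agent      heartbeat       60
2024-05-01T03:00Z  auth-log       logon           348
2024-05-01T03:00Z  kernel-sensor  syscall_audit   8800
2024-05-01T03:00Z  dns-log        query           5100
2024-05-01T04:00Z  edr-agent      process_create  1205
2024-05-01T04:00Z  edr-agent      heartbeat       60
2024-05-01T04:00Z  auth-log       logon           120
2024-05-01T04:00Z  dns-log        query           5050
"""


def parse_ledger(text):
    """Return {(source, event_class): {hour: count}} from the ledger text."""
    series = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hour, source, event_class, count = line.split()
        series[(source, event_class)][hour] = int(count)
    return series


def find_quiet(series, current_hour, min_history=3, drop_ratio=0.5):
    """Classes whose current-hour count fell below drop_ratio * median of earlier hours.

    ISO-8601 hour strings sort lexicographically, so string comparison is enough here.
    A class with no bucket for current_hour is scored as zero: silence is the finding.
    """
    findings = []
    for (source, event_class), buckets in series.items():
        history = [c for h, c in buckets.items() if h < current_hour]
        if len(history) < min_history:
            continue  # not enough baseline to call anything quiet
        baseline = median(history)
        observed = buckets.get(current_hour, 0)
        if baseline > 0 and observed < baseline * drop_ratio:
            findings.append({"source": source, "class": event_class,
                             "baseline": baseline, "observed": observed})
    return sorted(findings, key=lambda f: f["observed"] / f["baseline"])


if __name__ == "__main__":
    for f in find_quiet(parse_ledger(SAMPLE_LEDGER), "2024-05-01T04:00Z"):
        print(f"{f['source']}/{f['class']}: expected ~{f['baseline']:.0f}, got {f['observed']}")
```

Run against the constructed ledger, the check flags kernel-sensor/syscall_audit (baseline about 8975, observed 0) and auth-log/logon (baseline 344, observed 120), and nothing else. The threshold and history length are tuning knobs; the structural choice that matters is scoring an absent bucket as zero rather than skipping it.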

Maintain out-of-band verification for critical detections. If your primary detection channel for a class is a single agent on the endpoint, that agent is a single point of silence. Independent verification, even lightweight (periodic compare of a second sensor's view, offline forensic snapshots, external scanning), raises the bar from "disable the agent" to "disable all independent observers simultaneously."

Distrust uniformity across the fleet. Persistent-blindspot often shows first as a subset of hosts whose detection data is quieter than that of their peers. Homogeneous infrastructure should produce homogeneous telemetry. Even a subtle deficit ("these hosts report 30% fewer process events than their peers") is worth investigating. Most of the time it is config drift. Some of the time it is the pattern.
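As an added example covering the two preceding points (a second observer's view, and peers that are quieter than peers), and not part of the original essay: a fleet comparison over constructed per-host process-event counts, plus a reconciliation of one window as seen by a primary agent and by an independent observer. Host names, roles, counts and the two event sets are all assumptions made for the example.

```python
"""Compare each host's telemetry with its peers, and one observer's view with another's."""
from collections import defaultdict
from statistics import median

# Constructed: process_create events per host for the same one-hour window, tagged with
# a role so like is compared with like. All values are made up for the example.
FLEET_COUNTS = {
    "web-01": ("web", 1240), "web-02": ("web", 1198), "web-03": ("web", 1265),
    "web-04": ("web", 842),   # roughly a third quieter than its role peers
    "web-05": ("web", 1221),
    "db-01": ("db", 410), "db-02": ("db", 398), "db-03": ("db", 405),
    "bastion-01": ("bastion", 95),  # alone in its role: no peer baseline exists
}


def quiet_hosts(counts, deficit=0.30, min_peers=3):
    """Return (host, role, deficit_fraction) for hosts more than `deficit` below their peers' median."""
    by_role = defaultdict(dict)
    for host, (role, n) in counts.items():
        by_role[role][host] = n
    findings = []
    for role, hosts in by_role.items():
        if len(hosts) < min_peers:
            continue  # too few hosts to say what "normal" is for this role
        for host, n in hosts.items():
            # Leave-one-out median so a quiet host cannot pull its own baseline down.
            base = median([v for h, v in hosts.items() if h != host])
            if base > 0 and n < base * (1 - deficit):
                findings.append((host, role, round(1 - n / base, 2)))
    return sorted(findings, key=lambda f: -f[2])


# Constructed: the same window on web-04 as seen by the primary endpoint agent and by an
# independent observer (here, the host's audit log shipped over a separate path).
# Events are keyed by (host, pid, executable); a real comparison would include start time.
AGENT_VIEW = {
    ("web-04", 4101, "/usr/sbin/nginx"),
    ("web-04", 4133, "/usr/bin/python3"),
    ("web-04", 4150, "/bin/sh"),
}
AUDIT_VIEW = AGENT_VIEW | {("web-04", 4162, "/usr/bin/rsync")}


def reconcile(primary, independent):
    """Events each observer reported that the other did not; a non-empty gap is the finding."""
    return {
        "seen_only_by_independent": sorted(independent - primary),
        "seen_only_by_primary": sorted(primary - independent),
    }


if __name__ == "__main__":
    for host, role, frac in quiet_hosts(FLEET_COUNTS):
        print(f"{host} ({role}) reports {frac:.0%} fewer process events than its peers")
    for label, events in reconcile(AGENT_VIEW, AUDIT_VIEW).items():
        print(label, events)
```

On the constructed data the fleet check surfaces only web-04, about 32% below the median of the other web hosts, and the reconciliation shows one process start the independent observer recorded that the agent did not. Neither result says why; both say where to look, which is the part the dashboard would otherwise never prompt.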

Treat detection infrastructure the way you treat the assets it protects. Its logs, its configuration, and its integrity should be monitored with as much rigor as your production systems. The temptation to trust the defender because the defender is trustworthy is how the blindspots stay up.
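As an added example, not part of the original essay: an integrity manifest for the detection stack's own files (rule definitions and agent configuration), diffed against a baseline. The rule tree, file names and contents are constructed for the example; the design assumption is that the baseline manifest is stored and compared somewhere the monitored host cannot write to, since a check that the host verifies about itself sits inside the same fabric it is meant to watch.

```python
"""Integrity manifest for detection rules and agent config, diffed against a baseline."""
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return manifest


def diff_manifest(baseline, current):
    """Classify paths as added, removed or modified relative to the baseline manifest."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "added": sorted(cur_paths - base_paths),
        "removed": sorted(base_paths - cur_paths),
        "modified": sorted(p for p in base_paths & cur_paths if baseline[p] != current[p]),
    }


def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Constructed scenario: snapshot a rule tree, change it the way the essay describes, diff.

    The rule files are placeholders, not real detection content.
    """
    with tempfile.TemporaryDirectory() as root:
        _write(root, "rules/system_file_write.yml",
               "title: Privileged file write outside remediation\nenabled: true\n")
        _write(root, "rules/callback_removed.yml",
               "title: Kernel callback unregistered\nenabled: true\n")
        _write(root, "agent/agent.conf", "forward_to=siem.example.internal\nverbose=true\n")
        baseline = build_manifest(root)  # in practice: stored off-box, compared off-box

        # Later: one rule quietly disabled, one removed, verbose logging turned off
        # "for performance", and an unreviewed file added.
        _write(root, "rules/system_file_write.yml",
               "title: Privileged file write outside remediation\nenabled: false\n")
        os.remove(os.path.join(root, "rules/callback_removed.yml"))
        _write(root, "agent/agent.conf", "forward_to=siem.example.internal\nverbose=false\n")
        _write(root, "rules/README", "local tuning\n")
        return diff_manifest(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The diff reports the two modified files, the removed rule and the added file. Each of those is a change to what the fabric is able to see, and none of them would produce an alert from the fabric itself, which is the reason the manifest has to be kept and checked by something other than the host it describes.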

Kinship

Security Tool As Primitive. When the blindspot is installed through abuse of a legitimate security tool, the two patterns compose. The tool that can suppress alerts on behalf of its legitimate operators can suppress them on behalf of an attacker who reaches its command interface. Security-tool-as-primitive produces the capability; persistent-blindspot is the effect.

Revocation Gap. Blindspots make revocation gaps unbounded. If the detection infrastructure cannot report the event class that would indicate the credential is being used maliciously, the gap between compromise and detection is permanent. The two patterns compound when attackers install the blindspot first and then use stolen credentials inside it.

Trust Inversion. Defender tooling is trusted by construction to produce accurate telemetry. Persistent-blindspot is the inverted form of that trust: the tooling is reporting as designed, and the reporting is wrong, and the defender cannot tell from inside the system that the reporting is wrong. Trust-inversion makes the blindspot possible; blindspot makes the trust-inversion undetectable.

The loudest part of this class of attack is the quiet it produces. Your dashboards look fine. That is not the absence of incident. That is the incident.