Entropy Trap part 2: Real-World Failures and Better Alternatives

  • Three common attack patterns where entropy detection fails outright: TLS C2, living-off-the-land obfuscation, and cloud exfiltration.
  • Better signals exist in all three cases. They require understanding protocol semantics, not just string randomness.
  • The shift is from "this string looks random" to "this session behaves anomalously."

Part 1 covered why entropy-based detection is structurally weak as a primary signal. This part gets specific with three real attack patterns where entropy either fires on everything or misses the attack entirely – and what actually works instead.

Failure case 1: TLS C2

Cobalt Strike, Brute Ratel, and most modern post-exploitation frameworks run C2 over TLS. The traffic looks like normal HTTPS. Valid certificates. Plausible SNI.

Entropy on the SNI or certificate common name tells you basically nothing. "update.microsoft.com" and a random C2 domain both score low. "api.cloudflare.com" looks identical to "cdn.attackdomain.net" on string randomness.
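To make the point above concrete, here is an added example (my code, not the article's) that runs the usual "random-looking hostname" rule over the hostnames the article mentions plus one constructed look-alike, and then contrasts it with a session-level signal. The behavioural check (regularity of inter-request intervals, a stand-in for "this session behaves anomalously") is my illustration of the article's thesis, not one of the signals the article goes on to list; the hostnames other than the article's three, the timestamps and the thresholds are constructed for this example.

```python
# Added example, not code from the HackerNoon article: Shannon entropy scored
# over hostnames, beside a behavioural signal computed over session timing.
import math
from statistics import mean, pstdev


def shannon_entropy(text: str) -> float:
    """Bits per character of the string: the 'does this look random' score."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


# Three hostnames from the article plus one constructed look-alike.
# None of these is a real indicator of compromise.
HOSTNAMES = [
    "update.microsoft.com",     # benign, from the article
    "api.cloudflare.com",       # benign, from the article
    "cdn.attackdomain.net",     # attacker-style name, from the article
    "login-portal-update.com",  # constructed look-alike for this example
]


def entropy_scores(hostnames=HOSTNAMES) -> dict:
    """Entropy of each full hostname string."""
    return {h: shannon_entropy(h) for h in hostnames}


def entropy_flags(hostnames=HOSTNAMES, threshold: float = 4.0) -> dict:
    """The typical rule: alert when the hostname entropy crosses a threshold.
    The threshold value is an assumed, typical setting, not from the article."""
    return {h: e >= threshold for h, e in entropy_scores(hostnames).items()}


def interval_cv(timestamps) -> float:
    """Coefficient of variation (stdev / mean) of inter-request intervals.
    A near-zero value means the client talks on a fixed schedule."""
    intervals = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(intervals) < 2:
        return float("inf")
    m = mean(intervals)
    return pstdev(intervals) / m if m > 0 else float("inf")


def looks_like_beacon(timestamps, cv_threshold: float = 0.1) -> bool:
    """Behavioural verdict for one session: regular check-ins, not bursts."""
    return interval_cv(timestamps) < cv_threshold


# Constructed timing samples, in seconds since the session started.
BEACON_TIMES = [0, 60, 121, 180, 240, 302, 360, 420, 481]        # ~60 s cadence
BROWSING_TIMES = [0, 0.3, 1.1, 13.1, 13.6, 58.6, 60.6, 180.6, 181.0]  # bursty


if __name__ == "__main__":
    for host, score in entropy_scores().items():
        print(f"{host:26s} entropy={score:.2f} flagged={entropy_flags()[host]}")
    print("beacon session   CV={:.3f} beacon={}".format(
        interval_cv(BEACON_TIMES), looks_like_beacon(BEACON_TIMES)))
    print("browsing session CV={:.3f} beacon={}".format(
        interval_cv(BROWSING_TIMES), looks_like_beacon(BROWSING_TIMES)))
```

All four hostnames land in a narrow band around 3.3 to 3.9 bits per character, so no threshold separates the benign names from the attacker-style ones, which is exactly the article's complaint. The timing check separates the two constructed sessions cleanly because it looks at how the client behaves over time rather than at what the string looks like.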

The signals that actually matter are:

JA4 fingerprinting. The...

Copyright of this story solely belongs to hackernoon.com.
