Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

Oct. 15, 2024, 10:15 a.m.

Description

EDRSilencer, a red team tool designed to interfere with endpoint detection and response (EDR) solutions, has been discovered being abused by threat actors. It leverages the Windows Filtering Platform to block EDR traffic, concealing malicious activity. The tool dynamically identifies running EDR processes and creates filters to block their outbound communication, preventing telemetry and alerts from reaching management consoles. During testing, it effectively disrupted various EDR products, including those not in its hardcoded list. This tool represents a significant shift in tactics, enhancing the stealth of malicious activities and increasing the potential for successful attacks. Organizations must adapt their security posture to counteract these sophisticated evasion techniques.
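A defender-side triage example, added here and not part of the original report: blocking one process's outbound traffic in WFP means a block filter on the ALE_AUTH_CONNECT layers keyed by an app-ID condition, so a `netsh wfp show filters` export can be scanned for block filters whose app-ID path names a security agent. The XML below is constructed and simplified (its layout is an assumption, not the exact netsh schema), `your_edr_agent.exe` is a placeholder, and the watch list is illustrative.

```python
import xml.etree.ElementTree as ET

# Illustrative executables to watch; "your_edr_agent.exe" is a placeholder.
WATCHED_BINARIES = {"msmpeng.exe", "your_edr_agent.exe"}
# Outbound-connection layers where a per-process block filter cuts off telemetry.
CONNECT_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWPM_LAYER_ALE_AUTH_CONNECT_V6"}


def app_id_blob(nt_path: str) -> str:
    """Hex of the NUL-terminated UTF-16LE NT path, the form WFP stores an app ID in."""
    return (nt_path + "\x00").encode("utf-16-le").hex()


def filter_item(key, name, layer, action, nt_path=None):
    """Build one <item> of the constructed, simplified netsh-style filter export."""
    cond = ""
    if nt_path:
        cond = ("<filterCondition><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>"
                "<conditionValue><type>FWP_BYTE_BLOB_TYPE</type><byteBlob>"
                f"<data>{app_id_blob(nt_path)}</data></byteBlob></conditionValue>"
                "</item></filterCondition>")
    return (f"<item><filterKey>{key}</filterKey><displayData><name>{name}</name>"
            f"</displayData><layerKey>{layer}</layerKey>{cond}"
            f"<action><type>{action}</type></action></item>")


DEFENDER = r"\device\harddiskvolume3\program files\windows defender\msmpeng.exe"
SAMPLE_XML = "<wfpdiag><filters>" + "".join([   # constructed sample export
    filter_item("{f-1}", "Custom Outbound Filter", "FWPM_LAYER_ALE_AUTH_CONNECT_V4",
                "FWP_ACTION_BLOCK", DEFENDER),                 # silences the agent
    filter_item("{f-2}", "Allow agent", "FWPM_LAYER_ALE_AUTH_CONNECT_V4",
                "FWP_ACTION_PERMIT", DEFENDER),                # permit: benign
    filter_item("{f-3}", "Block updater", "FWPM_LAYER_ALE_AUTH_CONNECT_V6",
                "FWP_ACTION_BLOCK", r"\device\harddiskvolume3\tools\updater.exe"),
]) + "</filters></wfpdiag>"


def find_edr_block_filters(xml_text: str) -> list:
    """Return outbound block filters whose app-ID condition names a watched binary."""
    hits = []
    for item in ET.fromstring(xml_text).iter("item"):
        if item.find("filterKey") is None:      # skip nested condition <item>s
            continue
        if item.findtext("layerKey") not in CONNECT_LAYERS:
            continue
        if item.findtext("action/type") != "FWP_ACTION_BLOCK":
            continue
        for cond in item.findall("filterCondition/item"):
            if cond.findtext("fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            blob = cond.findtext("conditionValue/byteBlob/data") or ""
            path = bytes.fromhex(blob).decode("utf-16-le").rstrip("\x00").lower()
            if path.rsplit("\\", 1)[-1] in WATCHED_BINARIES:   # compare the basename
                hits.append({"filterKey": item.findtext("filterKey"), "path": path,
                             "name": item.findtext("displayData/name")})
    return hits
```

Run against a real export, any hit is worth pulling the filter's provider, creation time and the process that added it, since a block filter naming the agent's own binary has no legitimate reason to exist.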

Date

Published: Oct. 15, 2024, 8:51 a.m.

Created: Oct. 15, 2024, 8:51 a.m.

Modified: Oct. 15, 2024, 10:15 a.m.

Attack Patterns

EDRSilencer

T1569.002

T1562.001

T1057

T1498

T1499

T1059