Today > 1 Critical | 3 High | 6 Medium vulnerabilities   -   You can now download lists of IOCs here!

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

Oct. 15, 2024, 10:15 a.m.

Description

EDRSilencer, a red team tool designed to interfere with endpoint detection and response (EDR) solutions, has been discovered being abused by threat actors. It leverages the Windows Filtering Platform to block EDR traffic, concealing malicious activity. The tool dynamically identifies running EDR processes and creates filters to block their outbound communication, preventing telemetry and alerts from reaching management consoles. During testing, it effectively disrupted various EDR products, including those not in its hardcoded list. This tool represents a significant shift in tactics, enhancing the stealth of malicious activities and increasing the potential for successful attacks. Organizations must adapt their security posture to counteract these sophisticated evasion techniques.

Date

Published: Oct. 15, 2024, 8:51 a.m.

Created: Oct. 15, 2024, 8:51 a.m.

Modified: Oct. 15, 2024, 10:15 a.m.

Attack Patterns

EDRSilencer

T1569.002

T1562.001

T1057

T1498

T1499

T1059