Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
EDRSilencer, a red team tool designed to interfere with endpoint detection and response (EDR) solutions, has been discovered being abused by threat actors. It leverages the Windows Filtering Platform to block EDR traffic, concealing malicious activity. The tool dynamically identifies running EDR processes and creates filters to block their outbound communication, preventing telemetry and alerts from reaching management consoles. During testing, it effectively disrupted various EDR products, including those not in its hardcoded list. This tool represents a significant shift in tactics, enhancing the stealth of malicious activities and increasing the potential for successful attacks. Organizations must adapt their security posture to counteract these sophisticated evasion techniques.
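
One way to detect the blocking described above, as an added example that is not part of the original write-up or of any vendor's tooling: scan Windows Security event 5157 ("The Windows Filtering Platform has blocked a connection") for outbound blocks against your own EDR agent processes. It assumes Filtering Platform Connection auditing is enabled; the executable names, paths and records are constructed placeholders, and the watchlist must be your own because the tool is not limited to its hardcoded list.

```python
from collections import defaultdict
from ntpath import basename  # splits Windows paths on any host OS

BLOCK_EVENT_ID = 5157  # Security log: WFP has blocked a connection

# Hypothetical agent executables; replace with the ones your EDR actually runs.
WATCHLIST = {"edr_agent.exe", "edr_sensor.exe"}

VOL = r"\device\harddiskvolume3\program files"


def ev(eid, exe, direction, dest, rtid):
    """Build one constructed record, simplified from exported event fields."""
    return {"EventID": eid, "Application": VOL + "\\exampleapp\\" + exe,
            "Direction": direction, "DestAddress": dest, "FilterRTID": rtid}


# Constructed sample input (addresses are from documentation ranges).
SAMPLE_EVENTS = [
    ev(5157, "edr_agent.exe", "Outbound", "203.0.113.10", 71001),
    ev(5157, "edr_agent.exe", "Outbound", "203.0.113.11", 71001),
    ev(5157, "edr_agent.exe", "Outbound", "203.0.113.10", 71001),
    ev(5157, "edr_sensor.exe", "Outbound", "203.0.113.10", 71002),
    ev(5157, "browser.exe", "Outbound", "198.51.100.7", 65000),   # not an agent
    ev(5157, "edr_agent.exe", "Inbound", "203.0.113.10", 66000),  # wrong direction
    ev(5156, "edr_agent.exe", "Outbound", "203.0.113.10", 0),     # allowed, not blocked
]


def blocked_agents(events, watchlist=WATCHLIST, min_blocks=2):
    """Return watched executables whose outbound connections WFP blocked."""
    hits = defaultdict(lambda: {"blocks": 0, "filters": set(), "dests": set()})
    for e in events:
        if e.get("EventID") != BLOCK_EVENT_ID:
            continue
        if str(e.get("Direction", "")).lower() != "outbound":
            continue
        exe = basename(e.get("Application", "")).lower()
        if exe not in watchlist:
            continue
        hits[exe]["blocks"] += 1
        hits[exe]["filters"].add(e.get("FilterRTID"))  # filter to inspect/remove
        hits[exe]["dests"].add(e.get("DestAddress"))
    return {exe: h for exe, h in hits.items() if h["blocks"] >= min_blocks}


if __name__ == "__main__":
    for exe, h in blocked_agents(SAMPLE_EVENTS).items():
        print(exe, h["blocks"], sorted(h["filters"]), sorted(h["dests"]))
```

Because a silenced agent cannot report its own blocks to the console, run this check on logs collected through a separate path, and pair it with an alert on agents that stop checking in.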