Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

EDRSilencer, a red team tool built to interfere with endpoint detection and response (EDR) agents, has been observed being abused by threat actors. It uses the Windows Filtering Platform (WFP) to block the EDR agent's network traffic so that malicious activity on the host goes unreported. The tool enumerates running processes, matches them against a hard-coded list of EDR executables, and adds WFP filters that block each matching process's outbound connections, so telemetry and alerts never reach the vendor's management console. In testing it disrupted several EDR products, including some not covered by its hard-coded list. Cutting off the agent's communication rather than terminating it is a meaningful shift in tradecraft: the agent process keeps running and the host looks healthy while its reporting is silenced, which raises the odds that an intrusion completes undetected. Organizations need to adapt their detection and hardening to account for this technique.
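As an added example (not code from the report or from the EDRSilencer tool), the following Python hunts for the kind of filter described above: a WFP block filter at an ALE connect layer whose only condition is the application ID of one executable. It parses a `netsh wfp show filters file=filters.xml` style export; the sample export embedded below is constructed, the element names follow the export format as assumed here and should be confirmed against a real dump, and the agent name list and the "Custom Outbound Filter" display name are assumptions to be checked against the tool build you are facing.

```python
"""Hunt for Windows Filtering Platform (WFP) filters that silence an endpoint agent.

EDRSilencer-style tooling adds FWP_ACTION_BLOCK filters at the ALE connect
layers keyed on FWPM_CONDITION_ALE_APP_ID (the agent executable's device
path), so the agent keeps running but its telemetry never leaves the host.
This parses a `netsh wfp show filters` style XML export and reports every
block filter scoped to a single executable. Element names are assumed to
match the export format; verify against a live dump before relying on it.
"""
import xml.etree.ElementTree as ET

CONNECT_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWPM_LAYER_ALE_AUTH_CONNECT_V6"}

# Assumption: a small subset of EDR agent executables; extend with your own.
KNOWN_AGENTS = {"msmpeng.exe", "mssense.exe", "sensecncproxy.exe",
                "csfalconservice.exe", "sentinelagent.exe", "xagt.exe"}

# Assumption: display name the tool is reported to give its filters.
SUSPECT_FILTER_NAMES = {"custom outbound filter"}

# Constructed sample export: a block on Defender, a benign permit filter from
# the host firewall, and a block on an agent that is not on the known list.
SAMPLE_XML = r"""<filters>
  <item>
    <filterKey>{11111111-1111-1111-1111-111111111111}</filterKey>
    <displayData><name>Custom Outbound Filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition><item>
      <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <conditionValue><byteBlob><asString>\device\harddiskvolume3\programdata\microsoft\windows defender\platform\4.18\msmpeng.exe</asString></byteBlob></conditionValue>
    </item></filterCondition>
    <action><type>FWP_ACTION_BLOCK</type></action>
  </item>
  <item>
    <filterKey>{22222222-2222-2222-2222-222222222222}</filterKey>
    <displayData><name>Core Networking - DNS (UDP-Out)</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition><item>
      <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <conditionValue><byteBlob><asString>\device\harddiskvolume3\windows\system32\svchost.exe</asString></byteBlob></conditionValue>
    </item></filterCondition>
    <action><type>FWP_ACTION_PERMIT</type></action>
  </item>
  <item>
    <filterKey>{33333333-3333-3333-3333-333333333333}</filterKey>
    <displayData><name>Custom Outbound Filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
    <filterCondition><item>
      <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <conditionValue><byteBlob><asString>\device\harddiskvolume3\program files\examplevendor\agent.exe</asString></byteBlob></conditionValue>
    </item></filterCondition>
    <action><type>FWP_ACTION_BLOCK</type></action>
  </item>
</filters>"""


def find_app_scoped_blocks(xml_text):
    """Return block filters at the ALE connect layers keyed on one executable."""
    findings = []
    for flt in ET.fromstring(xml_text).iter("item"):
        # Condition <item>s have no <layerKey>; only filter <item>s pass here.
        layer = flt.findtext("layerKey")
        if layer not in CONNECT_LAYERS:
            continue
        if flt.findtext("action/type") != "FWP_ACTION_BLOCK":
            continue
        for cond in flt.findall("filterCondition/item"):
            if cond.findtext("fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            app_path = (cond.findtext("conditionValue/byteBlob/asString") or "").lower()
            exe = app_path.rsplit("\\", 1)[-1]
            name = (flt.findtext("displayData/name") or "").strip()
            findings.append({
                "key": flt.findtext("filterKey") or "",
                "name": name,
                "layer": layer,
                "app_path": app_path,
                "exe": exe,
                "known_agent": exe in KNOWN_AGENTS,
                # Name match is a bonus signal; an unnamed block is still suspicious.
                "suspect_name": name.lower() in SUSPECT_FILTER_NAMES,
            })
    return findings


def severity(finding):
    """'high' for a known agent or a known tool filter name, else 'review'."""
    return "high" if finding["known_agent"] or finding["suspect_name"] else "review"


if __name__ == "__main__":
    for f in find_app_scoped_blocks(SAMPLE_XML):
        print(f"[{severity(f)}] {f['layer']} blocks {f['app_path']} ({f['name']}) key={f['key']}")
```

Any block filter scoped to a single application at the connect layers deserves a look even when the executable is not on your agent list, which is how the "not in its hard-coded list" case above would still surface. The live-time counterpart of this export-based hunt is Security event 5447 ("A Windows Filtering Platform filter has been changed"), which requires the Filtering Platform Policy Change audit subcategory to be enabled; a burst of 5447 events adding block filters named after EDR binaries is a strong signal. Adding WFP filters requires administrative rights, so a positive finding means the host is already compromised, not merely misconfigured.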

OPENCTI LABELS :

evasion techniques, edrsilencer, windows filtering platform, red team tool, endpoint security

