Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed.

About EDRSilencer

The software, which is intended for red teaming, is being abused to “silence” EDR solutions. It works by leveraging the Windows Filtering Platform (WFP), which allows the creation of custom rules to monitor, block, and modify network traffic.

“The code leverages WFP [Windows Filtering Platform] by dynamically identifying running EDR processes and creating …
The post Attackers deploying red teaming tool for EDR evasion appeared first on Help Net Security.