Hackers are exploiting the EDRSilencer tool to tamper with endpoint detection and response (EDR) solutions. The tool uses the Windows Filtering Platform to block outbound traffic from EDR processes, which renders the EDR software ineffective and makes malware harder to detect. By integrating red teaming tools like EDRSilencer, threat actors aim to disable antivirus and EDR solutions so that malicious activity goes undetected. Trend Micro researchers highlight the use of tools like AuKill, EDRKillShifter, and TrueSightKiller by ransomware groups to escalate privileges and terminate security processes.

Hackers are using the EDRSilencer tool to evade detection and hide malicious activity

EDRSilencer leverages the Windows Filtering Platform to create persistent filters that block outbound traffic from EDR processes, which helps attackers remain undetected and carry out attacks without intervention. This trend reflects threat actors' pursuit of more effective tools and their adaptation of methods to disrupt security processes and outpace traditional EDR capabilities. The rise of EDR-killing tools like Terminator and GhostDriver underscores the continuous effort to enhance persistence mechanisms and evade detection, and the sophistication of the current threat landscape.
https://thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html
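
One way a defender could look for the effect described above, as an added example that is not part of the original article or of any tool it names: the code scans Windows Filtering Platform block records (modelled on Security event 5157, "The Windows Filtering Platform has blocked a connection") for repeated outbound blocks against security-agent processes. The records are constructed and simplified; the field names, host names, paths, filter IDs, threshold and watchlist are assumptions.

```python
from collections import defaultdict
from ntpath import basename  # splits Windows-style paths on any OS

# Assumption: agent binaries to watch (Microsoft Defender names shown here);
# replace with the process names of the EDR product you actually run.
WATCHED_AGENTS = {"msmpeng.exe", "mssense.exe"}
PF = r"\device\harddiskvolume3\program files"
DEFENDER = PF + r"\windows defender"


def ev(host, direction, application, filter_id, event_id=5157):
    """Build one constructed record, simplified from event 5157 fields."""
    return {"host": host, "event_id": event_id, "direction": direction,
            "application": application, "filter_id": filter_id}


# Constructed sample data: hosts, paths and filter IDs are made up.
SAMPLE_EVENTS = [
    ev("WS-014", "Outbound", DEFENDER + r"\MsMpEng.exe", 71234),
    ev("WS-014", "Outbound", DEFENDER + r"\MSMPENG.EXE", 71234),
    ev("WS-014", "Outbound", DEFENDER + r"\MsMpEng.exe", 71235),
    ev("WS-014", "Inbound", DEFENDER + r"\MsMpEng.exe", 70001),   # wrong direction
    ev("WS-014", "Outbound", PF + r"\apps\browser.exe", 70002),   # not an agent
    ev("WS-020", "Outbound",
       PF + r"\windows defender advanced threat protection\MsSense.exe",
       71300),                                                    # single block
]


def find_silenced_agents(events, watched=WATCHED_AGENTS, threshold=3):
    """Return {(host, process): [filter ids]} for watched agents whose outbound
    connections WFP blocked at least `threshold` times."""
    hits = defaultdict(list)
    for e in events:
        if e.get("event_id") != 5157 or e.get("direction") != "Outbound":
            continue
        # Event paths use device notation and mixed case; compare on basename.
        proc = basename(e.get("application", "")).lower()
        if proc in watched:
            hits[(e["host"], proc)].append(e["filter_id"])
    return {k: sorted(set(v)) for k, v in hits.items() if len(v) >= threshold}


if __name__ == "__main__":
    for (host, proc), filters in find_silenced_agents(SAMPLE_EVENTS).items():
        print(f"{host}: outbound traffic of {proc} blocked by WFP filters {filters}")
```

Event 5157 is only logged when failure auditing is enabled for the Filtering Platform Connection audit subcategory, so the check depends on that audit policy being in place.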