
Bad Actors Manipulate Red-Team Tools to Evade Detection – Source: www.darkreading.com


Source: www.darkreading.com – Author: Dark Reading Staff


EDRSilencer, a tool frequently used in red-team operations, is being co-opted by threat actors to locate endpoint security agents on a compromised host and silence their alerts.

EDRSilencer is an open source tool that enumerates running EDR processes and then uses the Windows Filtering Platform (WFP), the kernel-level framework Windows exposes for monitoring, blocking, and modifying network traffic, to block those processes' outbound connections so the agents can no longer reach their management servers.

The red-team tool is capable of blocking the traffic of 16 common EDR products, including Microsoft Defender, SentinelOne, FortiEDR, Palo Alto Networks Traps/Cortex XDR, and Trend Micro Apex One, among others.

The threat actors behind the subversion are integrating the tool into their attacks and repurposing it to evade detection. If successful, they cut off the data exchange between the EDR agent and its management server, suppressing not just alerts but also the detailed telemetry the agent would otherwise report. The tool also lets attackers add their own filters for specific executables by file path, so processes it does not recognize automatically can be silenced as well.

“The emergence of EDRSilencer as a means of evading endpoint detection and response systems marks a significant shift in the tactics employed by threat actors,” the researchers at Trend Micro wrote in a post. “By disabling critical security communications, it enhances the stealth of malicious activities, increasing the potential for successful ransomware attacks and operational disruptions.”

The researchers note that organizations must remain vigilant and implement advanced detection mechanisms, along with threat-hunting strategies that look for the WFP filter changes these evasion tools leave behind, to counteract them.
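One concrete hunt that follows from the above: because EDRSilencer works by adding WFP block filters keyed to the EDR agent's executable path, an exported filter list from a suspect host can be triaged offline for block filters that target known EDR binaries or carry the tool's default display name. The script below is an added example written for this page, not code from the article, from Trend Micro, or from the EDRSilencer project. It assumes the XML layout of a `netsh wfp show filters` export (root `wfpdiag`, `filters/item`, `displayData/name`, `layerKey`, `filterCondition`, `action/type`, `filterId`); the embedded sample is constructed, the EDR image-name list is an illustrative subset rather than an inventory of all 16 products, and the `Custom Outbound Filter` name is taken from the tool's source and should be re-checked against the version you are hunting for.

```python
"""Hunt for EDRSilencer-style WFP block filters in a `netsh wfp show filters` export.

Added example for offline triage of an exported filter list; not from the article
or the EDRSilencer project. Field names follow the netsh XML export; confirm them
against a real export before relying on this in production.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Lower-case image names of agents named in the article. Illustrative subset only;
# the FortiEDR image name is an assumption.
EDR_IMAGE_NAMES = {
    "msmpeng.exe",        # Microsoft Defender antimalware service
    "sentinelagent.exe",  # SentinelOne agent
    "cyserver.exe",       # Palo Alto Networks Cortex XDR
    "fortiedr.exe",       # FortiEDR (assumed image name)
    "ntrtscan.exe",       # Trend Micro Apex One real-time scan
}
# Display name EDRSilencer assigns to the filters it creates (from the tool's source).
SUSPICIOUS_FILTER_NAMES = {"custom outbound filter"}
# Layers where per-process outbound connection decisions are made (IPv4 and IPv6).
OUTBOUND_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWPM_LAYER_ALE_AUTH_CONNECT_V6"}


@dataclass
class Finding:
    filter_id: str
    name: str
    layer: str
    app_path: str
    reason: str


def find_edr_block_filters(xml_text: str) -> list[Finding]:
    """Return every outbound BLOCK filter that targets a known EDR image or uses
    EDRSilencer's default filter name. Permit filters and blocks on other
    executables are ignored."""
    root = ET.fromstring(xml_text)
    findings: list[Finding] = []
    for item in root.iterfind("./filters/item"):
        if item.findtext("./action/type", default="") != "FWP_ACTION_BLOCK":
            continue
        layer = item.findtext("layerKey", default="")
        if layer not in OUTBOUND_LAYERS:
            continue
        name = item.findtext("./displayData/name", default="")
        app_path = ""
        for cond in item.iterfind("./filterCondition/item"):
            # ALE_APP_ID carries the NT device path of the process image.
            if cond.findtext("fieldKey") == "FWPM_CONDITION_ALE_APP_ID":
                app_path = cond.findtext("./conditionValue/byteBlob/asString", default="")
        image = app_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if image in EDR_IMAGE_NAMES:
            reasons.append(f"blocks outbound traffic of EDR process {image}")
        if name.lower() in SUSPICIOUS_FILTER_NAMES:
            reasons.append(f"filter name '{name}' matches EDRSilencer default")
        if reasons:
            findings.append(Finding(item.findtext("filterId", ""), name, layer,
                                    app_path, "; ".join(reasons)))
    return findings


def _filter_xml(fid: str, name: str, layer: str, action: str, path: str) -> str:
    # Helper to build constructed sample entries in the netsh export shape.
    return f"""<item>
  <displayData><name>{name}</name><description>{name}</description></displayData>
  <layerKey>{layer}</layerKey><subLayerKey>FWPM_SUBLAYER_UNIVERSAL</subLayerKey>
  <filterCondition numItems="1"><item>
    <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey><matchType>FWP_MATCH_EQUAL</matchType>
    <conditionValue><type>FWP_BYTE_BLOB_TYPE</type>
      <byteBlob><data>00</data><asString>{path}</asString></byteBlob></conditionValue>
  </item></filterCondition>
  <action><type>{action}</type></action>
  <filterId>{fid}</filterId>
</item>"""


# Constructed sample export: one EDRSilencer-style block on Defender, one benign
# permit rule, one block with the tool's default name on an unknown agent, and one
# block on a non-security executable that should not be flagged.
SAMPLE_EXPORT = "<?xml version='1.0'?><wfpdiag><filters numItems=\"4\">" + "".join([
    _filter_xml("71001", "Custom Outbound Filter", "FWPM_LAYER_ALE_AUTH_CONNECT_V4",
                "FWP_ACTION_BLOCK",
                r"\device\harddiskvolume3\program files\windows defender\msmpeng.exe"),
    _filter_xml("71002", "Allow Browser", "FWPM_LAYER_ALE_AUTH_CONNECT_V4",
                "FWP_ACTION_PERMIT",
                r"\device\harddiskvolume3\program files\google\chrome\chrome.exe"),
    _filter_xml("71003", "Custom Outbound Filter", "FWPM_LAYER_ALE_AUTH_CONNECT_V6",
                "FWP_ACTION_BLOCK",
                r"\device\harddiskvolume3\program files\vendor\agent.exe"),
    _filter_xml("71004", "Parental Control Block", "FWPM_LAYER_ALE_AUTH_CONNECT_V4",
                "FWP_ACTION_BLOCK",
                r"\device\harddiskvolume3\games\launcher.exe"),
]) + "</filters></wfpdiag>"


if __name__ == "__main__":
    for f in find_edr_block_filters(SAMPLE_EXPORT):
        print(f"filter {f.filter_id} [{f.layer}] {f.app_path}: {f.reason}")
```

On a live host the input comes from `netsh wfp show filters file=wfpfilters.xml` run as an administrator; collecting that file from endpoints on a schedule and diffing it against a baseline catches filters that a silenced agent can no longer report itself. Where WFP auditing is enabled, Security event 5447 (a Windows Filtering Platform filter has been changed) gives a real-time signal for the same activity.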

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Original Post URL: https://www.darkreading.com/endpoint-security/bad-actors-manipulate-red-team-tools-evade-detection
