Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Another red teaming tool has been hijacked by criminals — EDRSilencer used to muffle defensive security tools

Representational image depecting cybersecurity protection.

It is a known fact that hackers use legitimate software in their attacks, whenever possible - and now we can add EDRSilencer to that list.

Cybersecurity researchers from Trend Micro published a report in which they claim to have observed EDRSilencer being deployed in cyberattacks. This tool, they say, was primarily designed for penetration testing, to be used by red teams as they simulate real-life cyberattacks and stress-test their networks against intruders.

Short for Endpoint Detection and Response Silencer, the tool was designed to interfere with, or disable, EDR solutions that are meant to monitor and detect suspicious activity on endpoints, such as computers or devices within a network. By neutralizing EDR defenses, attackers can carry out their malicious activities, such as data theft or system exploitation, without being detected.

Significant shift in tactics

Trend Micro said crooks managed, with the help of EDRSilencer, to render EDR tools ineffective and stop them from sending telemetry, alerts, or other data, to their management controls.

“The emergence of EDRSilencer as a means of evading endpoint detection and response systems marks a significant shift in the tactics employed by threat actors,” the researchers concluded.

EDRSilencer is an open-source tool inspired by MdSec NightHawk FireBlock. This is a proprietary penetration testing tool that detects running EDR processes and uses the Windows Filtering Platform (WFP) to monitor, block, or modify network traffic on IPv4 and IPv6 communication protocol.

EDRSilencer is capable of detecting and blocking 16 EDR tools, including Microsoft Defender, FortiEDR, SentinelOne, and many others.

This is not the first time legitimate pentesting tools are being used for nefarious purposes. Perhaps the best example of such practice is Cobalt Strike, a tool that is now generally considered malware, despite its original design being considered benign.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.