Bad Actors Manipulate Red-Team Tools to Evade Detection

Published: 23/11/2024   Category: security




By using EDRSilencer, threat actors can stop an endpoint agent's security alerts and telemetry reports from ever leaving the compromised host.



EDRSilencer, a tool built for red-team operations, is being co-opted by threat actors, who use it to identify the security tools running on a compromised host and mute the alerts those tools would otherwise send.
EDRSilencer is an open source red-team tool, not an EDR product: it scans the running processes for those belonging to EDR agents, then uses the Windows Filtering Platform (WFP), the Windows framework that lets software monitor, block, or modify network traffic, to add filters that block the agents' outbound connections.
The tool knows the process names of 16 common EDR products, including Microsoft Defender, SentinelOne, FortiEDR, Palo Alto Networks Traps/Cortex XDR, and Trend Micro Apex One, among others.
The threat actors behind the subversion are integrating the tool into their intrusions and repurposing it to evade detection. If successful, they cut off the data exchange between the EDR agent and its management server, so the agent keeps running but neither its alerts nor its detailed telemetry reach the defenders. The tool also lets an attacker add a blocking filter for an arbitrary process by supplying its file path, or remove filters it has created.
"The emergence of EDRSilencer as a means of evading endpoint detection and response systems marks a significant shift in the tactics employed by threat actors," the researchers at Trend Micro wrote in a post. "By disabling critical security communications, it enhances the stealth of malicious activities, increasing the potential for successful ransomware attacks and operational disruptions."
The researchers note that organizations must remain vigilant and implement advanced detection mechanisms as well as threat hunting strategies to counteract these evasion tools.
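That threat-hunting advice can be made concrete. The Python below is an added example, not code from the article, from Trend Micro, or from the EDRSilencer project: it parses the XML that `netsh wfp show filters` exports on a Windows host and flags every FWP_ACTION_BLOCK filter at the outbound connect layers that is keyed on an application path, ranking the hits against a short list of EDR agent binaries. The element names follow the filters.xml layout as understood here and should be checked against a real export; the embedded sample export, the filter display names, and the binary list are constructed and are assumptions to tune for your own estate.

```python
"""Hunt for WFP filters that silence an EDR agent's outbound traffic.
Export the live filter set on the host with `netsh wfp show filters`
(it writes filters.xml into the current directory), then run this over it."""
from __future__ import annotations
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Layers at which outbound connections are authorised. A BLOCK filter here,
# keyed on an EDR executable, is what cuts the agent off from its management
# server while the agent process itself keeps running.
CONNECT_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWPM_LAYER_ALE_AUTH_CONNECT_V6"}

# Agent binaries to treat as high-severity hits. Illustrative subset (assumption):
# extend it with the agent executables actually deployed in your estate.
EDR_BINARIES = {
    "msmpeng.exe", "mssense.exe",                    # Microsoft Defender
    "sentinelagent.exe", "sentinelagentworker.exe",  # SentinelOne
    "fortiedr.exe",                                  # FortiEDR
    "cyserver.exe", "traps.exe",                     # Palo Alto Networks Traps / Cortex XDR
    "tmlisten.exe", "ntrtscan.exe",                  # Trend Micro Apex One
}


@dataclass
class SuspiciousFilter:
    filter_id: str
    name: str
    layer: str
    app_path: str   # NT device path from the FWPM_CONDITION_ALE_APP_ID condition
    known_edr: bool


def find_edr_blocking_filters(xml_doc: str | bytes) -> list[SuspiciousFilter]:
    """Return every BLOCK filter at a connect layer that is keyed on an application path."""
    root = ET.fromstring(xml_doc)
    hits: list[SuspiciousFilter] = []
    for item in root.iterfind("./filters/item"):
        if item.findtext("./action/type") != "FWP_ACTION_BLOCK":
            continue
        layer = item.findtext("layerKey", "")
        if layer not in CONNECT_LAYERS:
            continue
        for cond in item.iterfind("./filterCondition/item"):
            if cond.findtext("fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            app_path = (cond.findtext("./conditionValue/byteBlob/asString") or "").lower()
            hits.append(SuspiciousFilter(
                filter_id=item.findtext("filterId", "?"),
                name=item.findtext("./displayData/name", ""),
                layer=layer,
                app_path=app_path,
                known_edr=app_path.rsplit("\\", 1)[-1] in EDR_BINARIES,
            ))
    return hits


# Constructed sample in the shape of a netsh filters.xml export (not a real capture).
# 70000 is an ordinary port rule and is ignored, 70001 silences Defender,
# 70002 blocks an unrelated program by path and is reported for review.
SAMPLE_FILTERS_XML = r"""<?xml version="1.0"?>
<wfpdiag><filters numItems="3">
  <item><filterId>70000</filterId><displayData><name>Block outbound SMB</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition numItems="1"><item><fieldKey>FWPM_CONDITION_IP_REMOTE_PORT</fieldKey>
      <matchType>FWP_MATCH_EQUAL</matchType>
      <conditionValue><type>FWP_UINT16</type><uint16>445</uint16></conditionValue></item></filterCondition>
    <action><type>FWP_ACTION_BLOCK</type></action></item>
  <item><filterId>70001</filterId><displayData><name>Custom Outbound Filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition numItems="1"><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <matchType>FWP_MATCH_EQUAL</matchType>
      <conditionValue><type>FWP_BYTE_BLOB_TYPE</type><byteBlob><asString>\device\harddiskvolume3\program files\windows defender\MsMpEng.exe</asString></byteBlob></conditionValue></item></filterCondition>
    <action><type>FWP_ACTION_BLOCK</type></action></item>
  <item><filterId>70002</filterId><displayData><name>Custom Outbound Filter</name></displayData>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
    <filterCondition numItems="1"><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <matchType>FWP_MATCH_EQUAL</matchType>
      <conditionValue><type>FWP_BYTE_BLOB_TYPE</type><byteBlob><asString>\device\harddiskvolume3\program files\contoso\updater.exe</asString></byteBlob></conditionValue></item></filterCondition>
    <action><type>FWP_ACTION_BLOCK</type></action></item>
</filters></wfpdiag>
"""

if __name__ == "__main__":
    # Usage: python hunt_wfp.py [filters.xml]  (bytes in, so the XML declaration's encoding is honoured)
    path = sys.argv[1] if len(sys.argv) > 1 else "filters.xml"
    with open(path, "rb") as fh:
        findings = find_edr_blocking_filters(fh.read())
    for h in findings:
        sev = "HIGH" if h.known_edr else "review"
        print(f"[{sev}] id={h.filter_id} name={h.name!r} layer={h.layer} app={h.app_path}")
```

Any path-keyed block filter at a connect layer deserves a look, because legitimate firewall products rarely single out an EDR executable; hits that are not on the known-binary list are reported as "review" rather than dropped, since the tool described above can block any process an attacker names by path. Run the export as an administrator, and compare it against a baseline taken from a known-good host of the same build, because Windows and third-party firewalls also install WFP filters of their own.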
