Bad Actors Manipulate Red-Team Tools to Evade Detection

Published: 23/11/2024   Category: security




With EDRSilencer, threat actors can keep an endpoint's EDR agent from ever reporting its alerts and telemetry to the management server.



EDRSilencer, a tool frequently used in red-team operations, is being co-opted by the dark side in malicious attempts to identify security tools and mute security alerts.
An open source tool that enumerates the EDR processes running on a system, EDRSilencer uses the Windows Filtering Platform (WFP), the kernel-mode filtering framework on which Windows Firewall itself is built, to block those processes' outbound network traffic. WFP lets a caller register filters that monitor, block, or modify traffic; EDRSilencer registers block filters keyed to the EDR agent's executable path.
The red-team tool is capable of blocking 16 common EDR tools, including Microsoft Defender, SentinelOne, FortiEDR, Palo Alto Networks Traps/Cortex XDR, and Trend Micro Apex One, among others.
The threat actors behind the subversion are integrating the tool into their attacks and repurposing it to evade detection. If successful, they disrupt the data exchange between the EDR agent and its management server, suppressing not just alerts but also detailed telemetry reports. The agent keeps running and keeps observing the host; it simply cannot phone home, so from the console the endpoint looks quiet or merely offline. The tool also gives attackers the option to add filters of their own, targeting or excluding specific file paths, so it can be tailored to whatever agents are present on the target.
"The emergence of EDRSilencer as a means of evading endpoint detection and response systems marks a significant shift in the tactics employed by threat actors," the researchers at Trend Micro wrote in a post. "By disabling critical security communications, it enhances the stealth of malicious activities, increasing the potential for successful ransomware attacks and operational disruptions."
The researchers note that organizations must remain vigilant and implement advanced detection mechanisms as well as threat hunting strategies to counteract these evasion tools.
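One concrete hunting check for the technique described above, added here as an example and not code from the article, from Trend Micro, or from EDRSilencer: because the tool works by registering WFP block filters rather than by tampering with the agent itself, those filters are the durable artifact to look for. On Windows, `netsh wfp show filters file=wfpfilters.xml` (run elevated) exports every active filter as XML; the script below parses that export and flags any BLOCK filter at the outbound-connect layers whose application-ID condition names a known EDR binary. The element names follow netsh's export format, but the embedded sample document, its GUIDs, filter names and paths are constructed for the example, and the list of EDR image names is illustrative and should be replaced with the binaries your own agent runs.

```python
"""Hunt for WFP filters that silence an EDR agent.

Added example, not code from the article or from EDRSilencer. It parses
the XML written by `netsh wfp show filters file=wfpfilters.xml` and
flags BLOCK filters at the outbound-connect layers whose ALE_APP_ID
condition names a known EDR binary. The sample data is constructed:
element names mirror the netsh export, GUIDs and paths are illustrative.
"""
import sys
import xml.etree.ElementTree as ET

# Lower-case image names of agents the article lists (illustrative;
# substitute the binaries your own EDR actually runs).
EDR_IMAGE_HINTS = (
    "msmpeng.exe",        # Microsoft Defender
    "mssense.exe",        # Microsoft Defender for Endpoint sensor
    "sentinelagent.exe",  # SentinelOne
    "cyserver.exe",       # Palo Alto Networks Cortex XDR / Traps
    "ntrtscan.exe",       # Trend Micro Apex One
)
# Layers where a BLOCK verdict stops a process from opening connections.
OUTBOUND_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4",
                   "FWPM_LAYER_ALE_AUTH_CONNECT_V6"}


def _text(elem, path):
    """Stripped text of a child element, or '' when it is absent."""
    child = elem.find(path)
    return (child.text or "").strip() if child is not None else ""


def parse_filters(xml_text):
    """Return one dict per <filters><item> in a netsh wfp export."""
    filters = []
    for item in ET.fromstring(xml_text).findall("./filters/item"):
        app_ids = [_text(c, "conditionValue/byteBlob/asString").lower()
                   for c in item.findall("filterCondition/item")
                   if _text(c, "fieldKey") == "FWPM_CONDITION_ALE_APP_ID"]
        filters.append({
            "key": _text(item, "filterKey"),
            "name": _text(item, "displayData/name"),
            "layer": _text(item, "layerKey"),
            "action": _text(item, "action/type"),
            # Persistent filters survive a reboot: lasting silence.
            "persistent": any((f.text or "").strip() == "FWPM_FILTER_FLAG_PERSISTENT"
                              for f in item.findall("flags/item")),
            "app_ids": app_ids,
        })
    return filters


def suspicious_filters(xml_text):
    """Filters that BLOCK outbound connections of a known EDR binary."""
    hits = []
    for flt in parse_filters(xml_text):
        if flt["action"] != "FWP_ACTION_BLOCK" or flt["layer"] not in OUTBOUND_LAYERS:
            continue
        matched = [p for p in flt["app_ids"]
                   if any(hint in p for hint in EDR_IMAGE_HINTS)]
        if matched:
            hits.append(dict(flt, matched=matched))
    return hits


# One <item> in the shape netsh writes; only the fields we read are kept.
_ITEM = """<item><filterKey>{{{key}}}</filterKey>
  <displayData><name>{name}</name></displayData>
  <flags><numItems>{nflags}</numItems>{flag}</flags>
  <layerKey>{layer}</layerKey>
  <filterCondition><numItems>1</numItems><item>
    <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey><matchType>FWP_MATCH_EQUAL</matchType>
    <conditionValue><type>FWP_BYTE_BLOB_TYPE</type>
      <byteBlob><asString>{path}</asString></byteBlob></conditionValue>
  </item></filterCondition>
  <action><type>{action}</type></action></item>
"""


def _item(key, name, layer, action, path, persistent):
    return _ITEM.format(key=key, name=name, layer=layer, action=action, path=path,
                        nflags=int(persistent),
                        flag="<item>FWPM_FILTER_FLAG_PERSISTENT</item>" if persistent else "")


# Constructed sample: an EDRSilencer-style filter, a normal firewall permit
# rule, and a persistent block on a non-EDR program (must not be flagged).
SAMPLE_WFP_XML = "<wfpdiag><filters>" + "".join([
    _item("0a1b2c3d-0000-4000-8000-000000000001", "Custom Outbound Filter",
          "FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWP_ACTION_BLOCK",
          r"\device\harddiskvolume3\program files\windows defender\msmpeng.exe", True),
    _item("0a1b2c3d-0000-4000-8000-000000000002", "Core Networking - DNS (UDP-Out)",
          "FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWP_ACTION_PERMIT",
          r"\device\harddiskvolume3\windows\system32\svchost.exe", False),
    _item("0a1b2c3d-0000-4000-8000-000000000003", "Block updater",
          "FWPM_LAYER_ALE_AUTH_CONNECT_V6", "FWP_ACTION_BLOCK",
          r"\device\harddiskvolume3\program files\somevendor\updater.exe", True),
]) + "</filters></wfpdiag>"


if __name__ == "__main__":
    # Pass the path of a real wfpfilters.xml, or run against the sample.
    source = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WFP_XML
    for hit in suspicious_filters(source):
        print(hit["key"], repr(hit["name"]), "persistent" if hit["persistent"] else "transient", hit["matched"])
```

The check matches on effect (a block verdict, at the connect layer, against the agent's image path) rather than on the filter's display name or the tool's file hash, since both of those are trivial for an attacker to change. For real-time coverage rather than periodic sweeps, enable the "Audit Filtering Platform Policy Change" subcategory so that each filter addition is logged as Security event ID 5447, and forward those events off-host, because an endpoint whose agent has just been silenced will not report them itself.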
