Another red teaming tool has been hijacked by criminals — EDRSilencer used to muffle defensive security tools

Cobalt Strike is not the only pentesting tool to be abused by hackers

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

It is a known fact that hackers use legitimate software in their attacks, whenever possible - and now we can add EDRSilencer to that list.

Cybersecurity researchers from Trend Micro published a report in which they claim to have observed EDRSilencer being deployed in cyberattacks. This tool, they say, was primarily designed forpenetration testing, to be used by red teams as they simulate real-life cyberattacks and stress-test their networks against intruders.

Short for Endpoint Detection and Response Silencer, the tool was designed to interfere with, or disable, EDR solutions that are meant to monitor and detect suspicious activity onendpoints, such as computers or devices within a network. By neutralizing EDR defenses, attackers can carry out their malicious activities, such as data theft or system exploitation, without being detected.

Significant shift in tactics

Trend Micro said crooks managed, with the help of EDRSilencer, to render EDR tools ineffective and stop them from sending telemetry, alerts, or other data, to their management controls.

“The emergence of EDRSilencer as a means of evading endpoint detection and response systems marks a significant shift in the tactics employed by threat actors,” the researchers concluded.

EDRSilencer is an open-source tool inspired by MdSec NightHawk FireBlock. This is a proprietary penetration testing tool that detects running EDR processes and uses the Windows Filtering Platform (WFP) to monitor, block, or modify network traffic on IPv4 and IPv6 communication protocol.

EDRSilencer is capable of detecting and blocking 16 EDR tools, includingMicrosoftDefender, FortiEDR, SentinelOne, and many others.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

This is not the first time legitimate pentesting tools are being used for nefarious purposes. Perhaps the best example of such practice is Cobalt Strike, a tool that is now generally consideredmalware, despite its original design being considered benign.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Anker Nebula Mars 3 review: A powerful and truly portable projector