URL has been copied successfully!
EDR killer tool uses signed kernel driver from forensic software
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

EDR killer tool uses signed kernel driver from forensic software


Tags: , , ,

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them.

First seen on bleepingcomputer.com

Jump to article: www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. ‘EDR-on-EDR Violence’: Hackers turn security tools against each other
  2. Hackers Deploy New EDR-Freeze Tool to Disable Security Software
  3. Open-source DFIR Velociraptor was abused in expanding ransomware efforts
  4. What are zero-day attacks and why do they work?