EDRSilencer red team tool used in attacks to bypass security


A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles.

Researchers at cybersecurity company Trend Micro say that attackers are trying to integrate EDRSilencer in attacks to evade detection.

“Our internal telemetry showed threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection.” – Trend Micro.

“Muting” EDR products

Endpoint Detection and Response (EDR) tools are security solutions that monitor and protect devices from cyber threats.

They use advanced analytics and constantly updated intelligence to identify threats, both known and new, and respond automatically while sending a detailed report to defenders about the origin, impact, and spread of the threat.

EDRSilencer is an open-source tool inspired by MdSec NightHawk FireBlock, a proprietary pen-testing tool. It detects running EDR processes and uses the Windows Filtering Platform (WFP), which can monitor, block, or modify network traffic, to block their communication over both IPv4 and IPv6.

WFP is the framework that firewalls, antivirus, and other security products normally use to filter traffic, and filters added with the persistent flag survive reboots until they are explicitly removed.

With custom rules in place, an attacker can disrupt the constant data exchange between an EDR tool and its management server, preventing the delivery of alerts and detailed telemetry reports.
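A host-side check for this kind of muting, added here as an example and not taken from the Trend Micro report or the EDRSilencer project: export the host's WFP filter set with `netsh wfp show filters file=filters.xml` and flag every BLOCK filter at an outbound-connection layer whose condition is an application path, with extra weight when the filter is persistent or the path is a known EDR agent. The XML element names and the agent executable names are this example's assumptions, and the sample export is constructed; check both against a real export and your own agents before relying on the script.

```python
# Triage a `netsh wfp show filters file=filters.xml` export for BLOCK filters
# keyed on a process path. Element names follow that export as understood by
# this example's author; confirm them against a real file before deploying.
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Agent executables to watch. Assumed names for products listed in the
# article; verify against your own deployment.
EDR_EXECUTABLES = {
    "msmpeng.exe", "mssense.exe",         # Microsoft Defender
    "sentinelagent.exe",                  # SentinelOne
    "cyserver.exe",                       # Palo Alto Cortex XDR
    "elastic-endpoint.exe",               # Elastic EDR
    "ntrtscan.exe", "tmlisten.exe",       # Trend Micro Apex One
}

# Layers that authorize outbound connections; a BLOCK here mutes the process.
OUTBOUND_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWPM_LAYER_ALE_AUTH_CONNECT_V6"}


@dataclass
class Finding:
    filter_id: str
    layer: str
    app_path: str
    persistent: bool   # survives reboot until explicitly deleted
    known_edr: bool    # executable name is in EDR_EXECUTABLES


def _text(node, path):
    child = node.find(path)
    return (child.text or "").strip() if child is not None else ""


def find_process_blocks(xml_text):
    """Return every BLOCK filter keyed on an application path at an outbound layer."""
    findings = []
    # The export uses <item> for filters, flags and conditions alike; only the
    # filter items carry a <layerKey>, which is how we tell them apart.
    for item in ET.fromstring(xml_text).iter("item"):
        layer = _text(item, "layerKey")
        if layer not in OUTBOUND_LAYERS:
            continue
        if _text(item, "action/type") != "FWP_ACTION_BLOCK":
            continue
        flags = {f.text.strip() for f in item.findall("flags/item") if f.text}
        for cond in item.findall("filterCondition/item"):
            if _text(cond, "fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            app_path = _text(cond, "conditionValue/byteBlob/asString").lower()
            findings.append(Finding(
                filter_id=_text(item, "filterId"),
                layer=layer,
                app_path=app_path,
                persistent="FWPM_FILTER_FLAG_PERSISTENT" in flags,
                known_edr=app_path.rsplit("\\", 1)[-1] in EDR_EXECUTABLES,
            ))
    return findings


# Constructed sample export: a persistent block on the Defender engine, an
# ordinary permit rule, and a non-persistent block on an unrelated program.
SAMPLE_EXPORT = r"""<?xml version="1.0"?>
<filters>
  <item>
    <filterId>70001</filterId>
    <flags numItems="1"><item>FWPM_FILTER_FLAG_PERSISTENT</item></flags>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition numItems="1"><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <conditionValue><byteBlob><asString>\device\harddiskvolume3\program files\windows defender\msmpeng.exe</asString></byteBlob></conditionValue>
    </item></filterCondition>
    <action><type>FWP_ACTION_BLOCK</type></action>
  </item>
  <item>
    <filterId>70002</filterId>
    <flags numItems="0"/>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
    <filterCondition numItems="1"><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <conditionValue><byteBlob><asString>\device\harddiskvolume3\program files\browser\browser.exe</asString></byteBlob></conditionValue>
    </item></filterCondition>
    <action><type>FWP_ACTION_PERMIT</type></action>
  </item>
  <item>
    <filterId>70003</filterId>
    <flags numItems="0"/>
    <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
    <filterCondition numItems="1"><item><fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
      <conditionValue><byteBlob><asString>\device\harddiskvolume3\windows\system32\notepad.exe</asString></byteBlob></conditionValue>
    </item></filterCondition>
    <action><type>FWP_ACTION_BLOCK</type></action>
  </item>
</filters>
"""

if __name__ == "__main__":
    for f in find_process_blocks(SAMPLE_EXPORT):
        tag = "EDR-TARGETED" if f.known_edr else "review"
        print(f"[{tag}] {f.filter_id} {f.layer} persistent={f.persistent} {f.app_path}")
```

Treat any persistent per-process block that neither your firewall product nor your EDR created as a tampering indicator, whether or not the executable name is on the list; the list only sets priority. On a host that has already been silenced the EDR's own alert will never leave the box, so collect the export out of band (a scheduled task that copies it to a share, or a remote session) rather than relying on the agent to report it.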

In its latest version, EDRSilencer detects and blocks 16 modern EDR tools, including:

  • Microsoft Defender
  • SentinelOne
  • FortiEDR
  • Palo Alto Networks Traps/Cortex XDR
  • Cisco Secure Endpoint (formerly AMP)
  • ElasticEDR
  • Carbon Black EDR
  • TrendMicro Apex One
Blocking the traffic of hardcoded executables
Source: Trend Micro

Trend Micro's tests with EDRSilencer showed that some of the targeted EDR products could still send reports, because one or more of their executables were not on the red team tool's hardcoded list.

However, EDRSilencer lets attackers add filters for specific processes by supplying file paths, so the list of targeted processes can be extended to cover other security tools.

“After identifying and blocking additional processes not included in the hardcoded list, the EDR tools failed to send logs, confirming the tool’s effectiveness,” Trend Micro explains in the report.

“This allows malware or other malicious activities to remain undetected, increasing the potential for successful attacks without detection or intervention,” the researchers say.

EDRSilencer attack chain
Source: Trend Micro

Trend Micro's answer to EDRSilencer is to detect the tool itself as malware, stopping it before it can disable security tools.

Additionally, the researchers recommend multi-layered security controls that isolate critical systems and create redundancy, security solutions that provide behavioral analysis and anomaly detection, hunting for indicators of compromise on the network, and applying the principle of least privilege.

Bill Toulas
