Using EDR-Redir To Break EDR Via Bind Link and Cloud Filter

EDR-Redir uses the Bind Filter (the bindflt.sys minifilter driver) and the Windows Cloud Filter API (cldflt.sys) to redirect an Endpoint Detection and Response (EDR) product’s working folder to a folder of the attacker’s choice. Alternatively, it can make the folder appear corrupt to prevent the EDR’s process services from functioning.

Submitted by /u/Cold-Dinosaur