EDR killer tool uses signed kernel driver from forensic software
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them.
An EDR killer is a malicious tool created specifically to bypass or disable endpoint detection a...
news.fmisec.com | 3 min read