Having an EDR in place is like posting a security guard at the door of your house to keep intruders out: the EDR is the guard that protects your computer from threats such as BYOVD attacks.
– AuKill malware was used to disable SentinelOne on a print server by exploiting a vulnerable driver.
– The attacker misidentified the asset as a Domain Controller (DC).
– To gain local administrator credentials, the attacker successfully brute-forced an account.
– PCHunter was used to survey the client’s network before deploying the EDR killer.
– Shadow volume copies were deleted, revealing the attackers’ intentions.
– The attackers bypassed security measures by exploiting the insecure PROCEXP.SYS driver.
– We recommend blacklisting outdated drivers with a known history of exploitation and maintaining an inventory of drivers installed on systems.
– We also advise bolstering the security of administrator accounts to defend against brute force attacks.
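As an added example (not code from the original article or from the vendor it describes), the PowerShell script below implements the two driver-related recommendations above: it builds a hashed, signature-checked inventory of the kernel drivers registered on a Windows host and flags any whose file name appears on a defender-maintained blocklist. The blocklist contents and the output path are assumptions; PROCEXP.SYS is the only entry taken from this incident.

```powershell
# Added example: kernel-driver inventory with blocklist matching. Run in an elevated PowerShell.
# Constructed blocklist of driver file names (lower-case) known to be abused in BYOVD attacks.
# PROCEXP.SYS comes from the incident above; extend the list from your own threat intel.
$Blocklist = @('procexp.sys')

function Get-DriverInventory {
    # Win32_SystemDriver lists every kernel driver the service control manager knows about.
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        # PathName may carry \??\ or \SystemRoot\ prefixes or quotes; normalise to a real path.
        $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path.Trim('"')
        $hash = $null; $signer = 'n/a'; $sigStatus = 'FileMissing'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $sigStatus = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        $fileName = if ($path) { [IO.Path]::GetFileName($path).ToLower() } else { '' }
        [pscustomobject]@{
            Name      = $_.Name
            State     = $_.State        # Running / Stopped
            StartMode = $_.StartMode
            Path      = $path
            Sha256    = $hash
            Signature = $sigStatus      # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
            # True when the file name is on the blocklist: the BYOVD indicator this page describes.
            Blocked   = ($Blocklist -contains $fileName)
        }
    }
}

$inventory = Get-DriverInventory
# Persist the inventory so each run can be diffed against the previous one (a new driver = investigate).
# Output path is an assumption; point it at your own inventory share.
$inventory | Export-Csv -NoTypeInformation -Path "$env:TEMP\driver-inventory-$(Get-Date -Format yyyyMMdd).csv"
# Surface the drivers that need attention: blocklisted, or not carrying a valid signature.
$inventory | Where-Object { $_.Blocked -or $_.Signature -ne 'Valid' } |
    Format-Table Name, State, Path, Signature, Blocked -AutoSize
```

Matching on file name alone is a first pass; once you have the SHA256 column, maintain the blocklist by hash as well, since a renamed copy of a vulnerable driver keeps its hash but not its name.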