EDR-Redir V2 abuses Windows filesystem redirection to disable the protections of Endpoint Detection and Response (EDR) products. Instead of redirecting the EDR's own folder, the tool redirects a parent directory, notably Program Files, so that the paths the EDR relies on underneath it resolve to attacker-controlled content, effectively blinding the product to malicious activity. Because detections written for the first version keyed on the EDR's own paths, redirecting the parent and isolating only the EDR-specific paths sidesteps them, letting an attacker perform DLL hijacking or load malware without being detected.
The tool builds on a feature introduced in Windows 11: filesystem namespace redirection through bind links, which lets one directory path be served from another location and so changes how an EDR sees its own environment. In tests by the researcher TwoSevenOneT, EDR-Redir V2 applied this redirection to Windows Defender and evaded it without raising alerts. The implications for enterprise security are significant, since an unmonitored redirection of this kind could precede a serious breach. EDR vendors will need to harden their products against redirection of parent directories, not just of their own install paths, and defenders should monitor bind link activity that touches critical directory paths.
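To make the "bind link" remark concrete, the following is an added PowerShell illustration of the public Bind Link API that ships with Windows 11 24H2 (bindlink.dll, CreateBindLink and RemoveBindLink); it is not code from EDR-Redir or from the researcher. It redirects a throwaway directory standing in for an EDR folder to a second directory and shows why the redirection is hard to spot: the virtual directory is not a reparse point, so link-aware path checks report nothing. The directory names, the P/Invoke wrapper and the sample file contents are assumptions made for the example; it must run elevated.

```powershell
#Requires -RunAsAdministrator
# Added example: redirect one directory to another with the Windows 11 24H2
# Bind Link API (bindlink.dll). Not EDR-Redir's code; paths are examples only.

# Stand-ins: $virtual plays the role of a protected install folder,
# $backing the attacker-controlled location it will be served from.
$virtual = Join-Path $env:TEMP 'bindlink-demo\virtual'
$backing = Join-Path $env:TEMP 'bindlink-demo\backing'
New-Item -ItemType Directory -Force -Path $virtual, $backing | Out-Null
Set-Content -Path (Join-Path $virtual 'component.dll') -Value 'genuine file (constructed sample)'
Set-Content -Path (Join-Path $backing 'component.dll') -Value 'planted file (constructed sample)'

# P/Invoke wrapper for the documented signatures:
#   HRESULT CreateBindLink(PCWSTR virtualPath, PCWSTR backingPath,
#                          CREATE_BIND_LINK_FLAGS flags, UINT32 exceptionCount,
#                          PCWSTR* const exceptionPaths);
#   HRESULT RemoveBindLink(PCWSTR virtualPath);
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class BindLink {
    public const uint FLAG_NONE = 0;        // CREATE_BIND_LINK_FLAG_NONE
    public const uint FLAG_READ_ONLY = 1;   // CREATE_BIND_LINK_FLAG_READ_ONLY
    public const uint FLAG_MERGED = 2;      // CREATE_BIND_LINK_FLAG_MERGED

    [DllImport("bindlink.dll", CharSet = CharSet.Unicode)]
    public static extern int CreateBindLink(string virtualPath, string backingPath,
        uint flags, uint exceptionCount, string[] exceptionPaths);

    [DllImport("bindlink.dll", CharSet = CharSet.Unicode)]
    public static extern int RemoveBindLink(string virtualPath);
}
'@

function Show-DirectoryView([string] $Path) {
    # What any process opening $Path sees right now, plus the checks a
    # reparse-point-aware scanner would run on it.
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path            = $Path
        FileContent     = Get-Content -LiteralPath (Join-Path $Path 'component.dll')
        IsReparsePoint  = (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0)
        LinkType        = $item.LinkType   # empty string: not a symlink or junction
    }
}

Write-Host '--- before bind link ---'
Show-DirectoryView $virtual | Format-List

# Non-merged link: the backing directory shadows the existing contents of
# $virtual until the link is removed (documented non-merged behaviour).
$hr = [BindLink]::CreateBindLink($virtual, $backing, [BindLink]::FLAG_NONE, 0, $null)
if ($hr -ne 0) { throw ('CreateBindLink failed, HRESULT 0x{0:X8}' -f $hr) }

try {
    Write-Host '--- while bind link is active ---'
    # FileContent now comes from $backing, yet IsReparsePoint stays False and
    # LinkType stays empty: nothing in the path itself reveals the redirection.
    Show-DirectoryView $virtual | Format-List
}
finally {
    # Bind links do not survive a reboot, but remove it explicitly anyway.
    $hr = [BindLink]::RemoveBindLink($virtual)
    if ($hr -ne 0) { Write-Warning ('RemoveBindLink failed, HRESULT 0x{0:X8}' -f $hr) }
}

Write-Host '--- after removal ---'
Show-DirectoryView $virtual | Format-List
```

The middle output is the security-relevant one: the file under the "protected" path now carries the planted content while every path-level indicator a scanner might consult (reparse attribute, link type) reports a plain directory. That is why the article's advice is to monitor bind link creation itself rather than to inspect the directories after the fact; a check that only asks whether Program Files or its children are links will not notice a parent-directory redirection.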
Read the original: Cyber Security News