Inspired by the closed source FireBlock tool FireBlock from MdSec NightHawk, I decided to create my own version and this tool was created with the aim of blocking the outbound traffic of running EDR processes using Windows Filtering Platform (WFP) APIs.
This tool offers the following features:
BruteRatel's memexec
)The tool currently supports the following EDRs:
As I do not have access to all these EDRs for testing, please do not hesitate to correct me if the listed processes (edrProcess in EDRSilencer.c
) prove insufficient in blocking all alert, detection, or event forward traffic.
Tested in Windows 10 and Windows Server 2016
Usage: EDRSilencer.exe <blockedr/block/unblockall/unblock>
- Add WFP filters to block the IPv4 and IPv6 outbound traffic of all detected EDR processes:
EDRSilencer.exe blockedr
- Add WFP filters to block the IPv4 and IPv6 outbound traffic of a specific process (full path is required):
EDRSilencer.exe block "C:\Windows\System32\curl.exe"
- Remove all WFP filters applied by this tool:
EDRSilencer.exe unblockall
- Remove a specific WFP filter based on filter id:
EDRSilencer.exe unblock <filter id>
x86_64-w64-mingw32-gcc EDRSilencer.c -o EDRSilencer.exe -lfwpuclnt utils.c
EDRSilencer.exe blockedr
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…