#EDRkiller tool uses signed #kernel driver from forensic software
https://www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/
#EnCase #cybersecurity #EDR #DigitalForensics
Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them.
The New Oil