Tag: Legitimate WFP

EDRPrison EDRPrison leverages a legitimate WFP callout driver, WinDivert, to effectively silence EDR systems. Drawing inspiration from tools like Shutter, FireBlock, and EDRSilencer, this project focuses on network-based evasion techniques. Unlike its predecessors, EDRPrison installs and loads an external legitimate WFP callout driver instead of relying solely on the built-in WFP. Additionally, it blocks outbound traffic from EDR processes…