Skip to content

AonCyberLabs/EDRSilencer-BOF

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
beacon.h
beacon.h
 
 
bofdefs.h
bofdefs.h
 
 
edrsilencer.c
edrsilencer.c
 
 
edrsilencer.cna
edrsilencer.cna
 
 
utils.h
utils.h
 
 

Repository files navigation

EDRSilencer BOF

This is a port of the EDRSilencer tool (https://github.com/netero1010/EDRSilencer) to BOF format. It is designed to block outbound traffic for various EDR processes using Windows Filtering Platform (WFP) APIs.

Usage

Usage: edrsilencer <blockedr/block/unblockall/unblock> [<program path>|<filter id>]
- Add WFP filters to block the IPv4 and IPv6 outbound traffic of all detected EDR processes:
  edrsilencer blockedr

- Add WFP filters to block the IPv4 and IPv6 outbound traffic of a specific process (full path is required):
  edrsilencer block "C:\Windows\System32\curl.exe"

- Remove all WFP filters applied by this tool:
  edrsilencer unblockall

- Remove a specific WFP filter based on filter id:
  edrsilencer unblock <filter id>

Compile

Compile BOF: make

Compile standalone .exe: make exe

Credits

Copyright

Copyright 2024 Aon plc

About

Port of the EDRSilencer tool (https://github.com/netero1010/EDRSilencer) to BOF format

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages