Carding Forum
Open source and easy installation.
Tier Zero Security has announced the release of an open-source EDR telemetry blocker. This standalone tool is designed to block EDR telemetry by performing a man-in-the-middle attack and filtering network traffic.
The EDR blocker uses iptables to filter network traffic. It determines the target IP addresses based on the server names that are transmitted in the TLS Client Hello packet and the list of blocked servers provided in the file.
To work with the tool, you need to complete several steps. First, you need to clone the repository from GitHub and go to the project directory. Then the Python virtual environment and the necessary dependencies, such as Scapy, are installed. After that, the virtual environment is activated, packet forwarding is enabled, and the blocker itself is launched.
Example of a command to run:
Code:
edr_blocker.py -i eth0 -f mde_block.txt -t 192.168.0.50 -gw 192.168.0.1
The main features of the blocker include the ability to monitor blocked IP addresses, add rules for iptables, and clear these rules. Commands are available for users to check blocked IP addresses and the number of blocked packets, as well as to add and remove DROP rules for iptables.
Tier Zero Security notes that the provided lists of blocked servers are not exhaustive and may require further development depending on the specific use environment.
More detailed information and an installation guide are available on GitHub.
Source
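The post describes the blocker as a man-in-the-middle on the local network that takes a target host (-t) and a gateway (-gw) and then drops telemetry traffic. From the defender's side, the interception step is the part a host can notice. The following is an added example, not code from the post or from the Tier Zero Security tool: it audits a snapshot of a Linux host's neighbour table (in the style of `ip neigh show` output) for two signs of gateway impersonation, the gateway's MAC drifting from a recorded baseline and one MAC being claimed by several IPv4 addresses. It assumes the interception works by impersonating the gateway on the local segment; the post does not state the mechanism, so that is an assumption. The sample snapshots are constructed, not real host data.

```python
# Added example (not part of the post or of the EDR blocker tool): a small
# neighbour-table audit from the defender's side. It assumes the
# "man-in-the-middle" step works by impersonating the gateway on the local
# segment; the post only names a target (-t) and gateway (-gw), so that is a
# labelled assumption, not something the post states.
import re

# Constructed sample in the style of `ip neigh show` output (not real host data).
SAMPLE_NEIGH = """\
192.168.0.1 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.0.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.0.77 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
fe80::1 dev eth0 lladdr 00:11:22:33:44:01 router REACHABLE
192.168.0.99 dev eth0 FAILED
"""

# Constructed snapshot taken after an interception: the gateway IP now maps to
# the MAC of 192.168.0.77, so two IPv4 addresses share one hardware address.
SAMPLE_NEIGH_SPOOFED = """\
192.168.0.1 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
192.168.0.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
192.168.0.77 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
"""

# Matches entries that carry a link-layer address; FAILED/INCOMPLETE rows have none.
NEIGH_RE = re.compile(r"^(?P<ip>\S+) dev (?P<dev>\S+) lladdr (?P<mac>[0-9A-Fa-f:]{17})")


def parse_neigh(text):
    """Return {ip: mac} for every neighbour entry that has a MAC address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def mac_conflicts(table):
    """Return {mac: sorted IPv4 list} for MACs claimed by more than one IPv4 address.

    IPv6 entries are ignored: one interface legitimately answers for its
    link-local and global addresses, so those would be false positives.
    """
    by_mac = {}
    for ip, mac in table.items():
        if ":" in ip:  # IPv6 literal, skip
            continue
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_changed(table, gateway_ip, baseline_mac):
    """True when the gateway entry exists and its MAC differs from the baseline."""
    current = table.get(gateway_ip)
    return current is not None and current != baseline_mac.lower()


def audit(text, gateway_ip, baseline_mac):
    """Run both checks over one snapshot and return a list of human-readable findings."""
    table = parse_neigh(text)
    findings = []
    if gateway_changed(table, gateway_ip, baseline_mac):
        findings.append(
            f"gateway {gateway_ip} now resolves to {table[gateway_ip]}, baseline was {baseline_mac}"
        )
    for mac, ips in mac_conflicts(table).items():
        findings.append(f"MAC {mac} is claimed by {', '.join(ips)}")
    return findings


if __name__ == "__main__":
    # The baseline MAC would normally be recorded on a known-good boot and stored
    # alongside the host's configuration; here it is a constructed value.
    for label, snapshot in (("baseline", SAMPLE_NEIGH), ("spoofed", SAMPLE_NEIGH_SPOOFED)):
        print(label, audit(snapshot, "192.168.0.1", "00:11:22:33:44:01") or ["no findings"])
```

Run periodically from a host agent or cron job, `audit()` gives a host-local signal that complements network-side checks; because the blocker's iptables rules live on the interceptor rather than on the target, the target cannot see those rules directly, and the neighbour table is where the interception shows up. A static ARP entry for the gateway, or a switch with dynamic ARP inspection, removes the condition the check looks for.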