Bleeping Computer

EDR killer tool uses signed kernel driver from forensic software

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. An EDR killer is a malicious tool created ...
Dark Reading

EnCase Driver Weaponized as EDR Killers Persist

Threat actors are using a forensic tool's Windows kernel driver to kill security products, despite the fact the driver's digital certificate was revoked more than a decade ago. In a blog post ...