EDR = Erase Data Remotely, By Cooking An Unforgettable (Byte) Signature Dish

Discover how researchers exploited vulnerabilities in EDR products to remotely trigger data deletion, including logs, files, and databases, and explore the limitations and potential risks of using these products for security purposes.

Key takeaways
  • "EDR (Erase Data Remotely)" is the researchers' name for a technique that abuses an Endpoint Detection and Response product's automatic remediation to delete data, including logs, files, and databases, on a target system.
  • Researchers were able to trigger automatic deletion of files on a Windows system using a Kaspersky EDR product, as well as remote deletion of IIS web server logs and MySQL databases.
  • They also discovered methods to trigger deletion of other types of files, such as Chrome history and web data databases, and Unix logs.
  • The EDR products examined included Kaspersky, Windows Defender, and Splunk.
  • The researchers used a black box approach to find the best signatures to trigger the EDR products.
  • They created a database of signatures and used it to trigger automatic deletion of files on a Windows system.
  • The technique was found to have limitations, including restrictions on the size and type of files that would be deleted, and its effectiveness was also affected by product patching and updating.
  • The researchers concluded that EDR products can be abused for both local and remote attacks, and that these limitations should be taken into account when relying on such products for security purposes.
  • They also suggested that the research could have implications for the development of new security products and tools.
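The detection angle a defender would want for the scenario above is visibility into log and database files that vanish or shrink, since that is exactly what an EDR remediation of a "poisoned" log or database file looks like from the application's side. The following is an added illustration, not code from the researchers or from any EDR vendor: a snapshot-and-compare watchdog over monitored directories. The directory layout, file names and the use of a temporary directory are constructed for the demo.

```python
"""Detect log or database files that have been deleted or truncated.

Added illustration (not the researchers' tooling): logs and database files
normally only grow between two snapshots, so a missing file or a size
decrease is the anomaly worth alerting on. The directory layout below is
an assumption made for the demonstration.
"""
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class FileState:
    size: int       # bytes on disk at snapshot time
    mtime_ns: int   # last modification time, kept for the alert record


def snapshot(directory: Path) -> dict[str, FileState]:
    """Record size and mtime of every regular file under `directory`,
    keyed by a POSIX-style relative path so results compare portably."""
    state: dict[str, FileState] = {}
    for path in directory.rglob("*"):
        if path.is_file():
            st = path.stat()
            state[path.relative_to(directory).as_posix()] = FileState(
                st.st_size, st.st_mtime_ns
            )
    return state


def compare(before: dict[str, FileState],
            after: dict[str, FileState]) -> tuple[list[str], list[str]]:
    """Return (deleted, truncated) relative paths between two snapshots.

    A file present before and absent now was removed (quarantine looks like
    this); a file whose size decreased was truncated or replaced.
    """
    deleted = sorted(name for name in before if name not in after)
    truncated = sorted(
        name for name, old in before.items()
        if name in after and after[name].size < old.size
    )
    return deleted, truncated


def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: two web server log files and one database
    file, then one deletion and one truncation that mimic an automatic
    remediation action. Returns what `compare` reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logs").mkdir()
        (root / "db").mkdir()
        # Constructed sample content; names are placeholders, not real files.
        (root / "logs" / "web_day1.log").write_bytes(b"GET /index.html 200\n" * 50)
        (root / "logs" / "web_day2.log").write_bytes(b"GET /index.html 200\n" * 20)
        (root / "db" / "app.ibd").write_bytes(b"\x00" * 4096)
        before = snapshot(root)

        # Simulated remediation: one log quarantined, database file truncated.
        (root / "logs" / "web_day1.log").unlink()
        (root / "db" / "app.ibd").write_bytes(b"\x00" * 1024)
        after = snapshot(root)

        return compare(before, after)


if __name__ == "__main__":
    deleted, truncated = demo()
    print("deleted:  ", deleted)
    print("truncated:", truncated)
```

In practice the snapshot would be taken on a schedule (or replaced by filesystem change notifications) and the comparison result forwarded to the SIEM; the point is that a log or database file getting smaller, or disappearing outside of rotation, is an event worth alerting on in its own right regardless of which product removed it.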