GitHub - TierZeroSecurity/edr_blocker: Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.
github.com
Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Cli...
The original post: /r/netsec by /u/eitot8 on 2024-07-23 08:32:59.

EDR Blocker - A simple tool which performs Person-in-the-Middle attack using ARP spoofing, sniffs the TLS handshakes, create iptables DROP rules based on the Server Name Indicator (SNI) in TLS Client Hello packets.