malware • high • Defense Evasion • EDR Killer • Vulnerable Driver Abuse • EDR Killers • Vulnerable Drivers

Mar 19, 2026 • ESET WeLiveSecurity

EDR killers explained: Beyond the drivers

Source: ESET WeLiveSecurity
Category: malware
Severity: high

Executive Summary

ESET researchers have published findings on the EDR (Endpoint Detection and Response) killer ecosystem, revealing how threat actors exploit vulnerable drivers to disable security software. This technique allows attackers to bypass endpoint protection by leveraging outdated or poorly signed kernel drivers with known vulnerabilities. The abuse of vulnerable drivers represents a significant risk as it enables malware to operate undetected by eliminating critical security monitoring capabilities. Organizations should ensure robust driver verification processes, maintain updated security solutions, and implement application whitelisting to mitigate these threats. This research highlights the evolving sophistication of attack techniques targeting endpoint defenses.

Summary

ESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable drivers.

Linked Entities

  • EDR Killers
  • Vulnerable Drivers