RaaS group equips affiliates with EDR-killing toolkit
🔍 New research from ESET reveals that The Gentlemen ransomware-as-a-service platform now supplies affiliates with an advanced EDR killer framework called GentleKiller, alongside third-party tools like HexKiller, ThrottleBlood and HavocKiller. The leak shows affiliates can deploy bring-your-own vulnerable driver (BYOVD) techniques to gain kernel privileges and disable hundreds of EDR processes across many vendors. ESET warns this lowers the bar for less skilled attackers and urges organizations to enforce protections such as HVCI and KMCI, apply strict driver allow/block policies, and regularly audit drivers.
