Overview
SHELLTER, a commercial AV/EDR evasion tool, is being abused in the wild.
Key points:
- Originally built for red teams.
- Now used by threat actors to bypass detection.
- Malware is injected into legitimate processes.
- Campaigns observed across multiple sectors.
Questions to consider:
- Are your EDRs detecting process injection?
- Do you allow unsigned binaries in production?
- How do you differentiate red team tools from real threats?
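The first two questions can be turned into a concrete check. Below is an added example (not code from the original page or from the Shellter project) that runs a small triage pass over constructed Sysmon-style events: it flags a remote thread created inside a Windows system binary with no backing module, flags execution of an unsigned image, and raises the severity when the same unsigned image is also the injection source. It assumes the events are already parsed into dicts and that the "Signed" field on Event ID 1 was added by an enrichment step, since it is not a native Sysmon field.

```python
# Field names follow Sysmon Event ID 1 (ProcessCreate) and Event ID 8
# (CreateRemoteThread); "Signed" is an assumed enrichment field.
SAMPLE_EVENTS = [  # constructed sample telemetry, not real data
    {"EventID": 1, "Image": r"C:\Users\alice\Downloads\update.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Signed": "false"},
    {"EventID": 8, "SourceImage": r"C:\Users\alice\Downloads\update.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe",
     "StartAddress": "0x00007FF6A1B20000", "StartModule": ""},
    {"EventID": 8, "SourceImage": r"C:\Program Files\Vendor\agent.exe",
     "TargetImage": r"C:\Program Files\Vendor\helper.exe",
     "StartAddress": "0x00007FFE12340000",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "Signed": "true"},
]

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def is_system_image(path):
    """True when the image lives in a Windows system directory."""
    return path.lower().startswith(SYSTEM_DIRS)


def triage(events):
    """Return (severity, rule, source, target) tuples for suspicious events."""
    unsigned = set()
    findings = []
    for ev in events:
        if ev["EventID"] == 1 and ev.get("Signed", "").lower() == "false":
            unsigned.add(ev["Image"].lower())
            findings.append(("medium", "unsigned_process", ev["Image"], ev["ParentImage"]))
        elif ev["EventID"] == 8:
            # A remote thread whose start address is not backed by any loaded
            # module (empty StartModule) inside a system binary is the classic
            # footprint of injected code, whichever loader produced it.
            if is_system_image(ev["TargetImage"]) and not ev.get("StartModule"):
                sev = "high" if ev["SourceImage"].lower() in unsigned else "medium"
                findings.append((sev, "remote_thread_unbacked", ev["SourceImage"], ev["TargetImage"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(*finding)
```

Feeding real Sysmon output through the same logic answers "are we detecting process injection" with evidence rather than a vendor claim; the signed/unsigned correlation is where a legitimate vendor agent and an injected loader start to look different.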