Mirrors/twosevenonet-edrchoker
1
0
Fork 0
mirror of https://github.com/TwoSevenOneT/EDRChoker synced 2026-06-08 07:45:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
5 Commits 1 Branch 1 Tag
master
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Two Seven One Three 0993b56573 Update README.md
2026-06-07 16:41:10 +07:00
Properties
Add project files.
2026-06-07 15:48:52 +07:00
.gitattributes
Add .gitattributes, .gitignore, and README.md.
2026-06-07 15:48:50 +07:00
.gitignore
Add .gitattributes, .gitignore, and README.md.
2026-06-07 15:48:50 +07:00
App.config
Add project files.
2026-06-07 15:48:52 +07:00
EDRChoker.csproj
Add project files.
2026-06-07 15:48:52 +07:00
EDRChoker.sln
Add project files.
2026-06-07 15:48:52 +07:00
Program.cs
Add project files.
2026-06-07 15:48:52 +07:00
README.md
Update README.md
2026-06-07 16:41:10 +07:00
Utils.cs
Add project files.
2026-06-07 15:48:52 +07:00

README.md

EDRChoker

EDRChoker uses Policy-based Quality of Service (QoS) to set hard bandwidth caps (throttling) on Endpoint Detection and Response (EDR) agents, causing them to always time out - effectively blocking them.

The rules take effect immediately and persist after the target reboots Windows.

EDRChoker relies on Windows' pacer.sys driver.

Command Line Syntax

EDRChoker.exe <ListFile>

To create QoS Policy for all process name in ListFile - Each line per process

EDRChoker.exe

To remove all installed QoS Policy

Links

EDRChoker: Choking The Telemetry Stream to Bypass Defenses

Some EDR/Antivirus have been successfully tested

  • Elastic Defend
  • ...
  • Please contact me if you successfully test it against any other EDR.

Demo Video

Youtube EDRChoker: https://youtu.be/hj05mT-45bo

🐦 Enjoying my work? Support the journey by following me on X

Twitter Follow

Author:

Two Seven One Three

Reference in New Issue View Git Blame Copy Permalink
S
Description
Mirror of https://github.com/TwoSevenOneT/EDRChoker
Readme 37 KiB
Languages
C# 100%