Two Seven One Three 2e637ffa14 Update README.md
2026-06-07 16:05:43 +07:00


EDRChoker

EDRChoker uses Policy-based Quality of Service (QoS) to set hard bandwidth caps (throttling) on Endpoint Detection and Response (EDR) agents, causing them to always time out, which effectively blocks them.

The rules take effect immediately and persist after the target reboots Windows.

EDRChoker relies on Windows' pacer.sys driver.
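
To check a host for this kind of rule, list the QoS policies that pair an application match with a throttle rate. The PowerShell below is an added example, not part of the EDRChoker project; it assumes the policies are visible through `Get-NetQosPolicy`, and the watch list of agent process names and the sample policy objects are constructed for illustration.

```powershell
# Added example: list Policy-based QoS rules that throttle a named application
# and mark the ones aimed at security agents.
function Find-ThrottledAppPolicy {
    param(
        # Watch list of agent executables (assumption: adjust to your deployment).
        [string[]]$AgentProcesses = @('elastic-endpoint.exe', 'elastic-agent.exe'),
        # Policy objects to inspect; defaults to the stores on this host.
        [object[]]$Policies = $(
            Get-NetQosPolicy -ErrorAction SilentlyContinue
            Get-NetQosPolicy -PolicyStore ActiveStore -ErrorAction SilentlyContinue
        )
    )
    $seen = @{}
    foreach ($p in $Policies) {
        # Property names of the MSFT_NetQosPolicySettingData objects the cmdlet returns.
        $rate = [uint64]$p.ThrottleRateAction          # bits per second; 0 = no throttle
        $app  = [string]$p.AppPathNameMatchCondition   # bare name or full path
        if ($rate -eq 0 -or -not $app) { continue }    # not an application throttle
        if ($seen.ContainsKey($p.Name)) { continue }   # same policy listed in both stores
        $seen[$p.Name] = $true
        $leaf = ($app -split '[\\/]')[-1]              # executable name without directory
        [pscustomobject]@{
            Policy        = $p.Name
            Owner         = $p.Owner
            Application   = $app
            BitsPerSecond = $rate
            WatchedAgent  = $AgentProcesses -contains $leaf   # case-insensitive match
        }
    }
}

# Constructed sample policies (not captured from a real host) for an offline run.
$sample = @(
    [pscustomobject]@{ Name = 'qos-a'; Owner = '(constructed)'; ThrottleRateAction = 8
                       AppPathNameMatchCondition = 'Elastic-Endpoint.exe' }
    [pscustomobject]@{ Name = 'voip'; Owner = '(constructed)'; ThrottleRateAction = 0
                       AppPathNameMatchCondition = 'softphone.exe' }
    [pscustomobject]@{ Name = 'backup-cap'; Owner = '(constructed)'; ThrottleRateAction = 80000000
                       AppPathNameMatchCondition = 'C:\Tools\backup.exe' }
)
Find-ThrottledAppPolicy -Policies $sample | Sort-Object BitsPerSecond | Format-Table -AutoSize
```

Called without `-Policies`, the function reads the live policy stores; any row with `WatchedAgent` set to `True` is a throttle applied to a security agent and should be traced back to whoever created it.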

Command Line Syntax

EDRChoker.exe <ListFile>

Creates a QoS policy for every process name in ListFile (one process name per line).

EDRChoker.exe

Removes all installed QoS policies.

EDRChoker: Choking The Telemetry Stream to Bypass Defenses

EDR/antivirus products that have been successfully tested:

  • Elastic Defend
  • ...
  • Please contact me if you successfully test it against any other EDR.

Demo Video

YouTube EDR-Redir V1: https://www.youtube.com/watch?v=2_tanx7RSUw


Author:

Two Seven One Three