Skip to content
Summary In early February 2026, Huntress responded to an intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to gain initial access to a victim network. Once inside, the attacker deployed an EDR killer that abuses a legitimate Guidance Software (EnCase) forensic driver with a revoked certificate to terminate security processes from kernel mode, a technique known as Bri...
They Got In Through SonicWall. Then They Tried to Kill Every Security Tool | Huntaegis