in-memory attacks – Computer Security Articles

Detecting credential theft through memory access modelling with Microsoft Defender ATP

May 24, 2019 admin credential dumping, credential theft, cybersecurity, Endpoint security, fileless, in-memory attacks, lateral movement, living-off-the-land, LSASS, lsass.exe, memory access modelling, Microsoft Defender ATP, Reflective DLL loading, Targeted Attacks, Windows Security

Credit to Author: Eric Avena| Date: Thu, 09 May 2019 17:29:45 +0000

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.

The post Detecting credential theft through memory access modelling with Microsoft Defender ATP appeared first on Microsoft Security .

Microsoft Security

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

January 16, 2018 admin Antimalware Scan Interface (AMSI), Antivirus, antivirus software, Cloud Computing, cybersecurity, Fall Creators Update, fileless malware, in-memory attacks, Intelligent Security Graph, machine learning, Next-gen antivirus, Powershell, script-based attacks, Security Intelligence, Security Response, Windows 10, Windows Defender Antivirus, Windows Defender ATP, Windows Defender AV, Windows Defender Exploit Guard

Credit to Author: Windows Defender ATP| Date: Mon, 04 Dec 2017 14:00:07 +0000

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for living off the landstaying away from the

Microsoft Security

Uncovering cross-process injection with Windows Defender ATP

March 8, 2017 admin Advanced persistent threats, Antimalware research for IT pros and enthusiasts, APTs, bitcoin, CoinMiner, Creators Update, cross-process injection, Exploits, Fynloski RAT, Gatak, GOLD activity group, in-memory attacks, post-breach detection, public preview, Windows 10, Windows Defender Advanced Threat Protection, Windows Defender ATP, zero-day exploits

Credit to Author: msft-mmpc| Date: Thu, 09 Mar 2017 06:16:01 +0000

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft—read how Windows 10 continues to raise…