Powershell – Computer Security Articles

Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation

June 11, 2020 admin cybersecurity, Microsoft security intelligence, Microsoft Threat Protection, MITRE, Powershell, step 19

Credit to Author: Eric Avena| Date: Thu, 11 Jun 2020 17:00:05 +0000

Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.

The post Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation appeared first on Microsoft Security .

Security Sophos

Stop ColdLock ransomware with Intercept X

May 11, 2020 admin coldlock, Enduser, fileless, Intercept X, Powershell, ransomware, Ransomwares

Credit to Author: Sally Adam| Date: Mon, 11 May 2020 16:06:14 +0000

ColdLock ransomware is devastating organizations, but Intercept X can help to freeze it out.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/gU60MQ7dhYQ” height=”1″ width=”1″ alt=””/>

Security Sophos

How I learned to stop worrying and love ‘grey hat’ tools

February 25, 2020 admin cobalt strike, empire, evasion, hercules, hydra thc, kali, koadic, metasploit, nishang, Phantom, Powershell, shelter, SophosLabs Uncut, thefatrat, veilevasion

Credit to Author: Tad Heppner| Date: Tue, 25 Feb 2020 13:45:19 +0000

A comprehensive security solution needs a sense of subtlety: not all machine code lends itself to be classified easily as malicious. As with most things in life, there’s a grey area in malware detection that includes hacking tools, poorly designed or easily exploitable applications, or borderline adware that provides little benefit to the unfortunate user […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/TR1pieWZO1k” height=”1″ width=”1″ alt=””/>

QuickHeal Security

STOP (Djvu) Ransomware: Ransom For Your Shady Habits!

January 15, 2020 admin _readme.txt, {1d6fc66e-d1f3-422c-8a53-c0bbcf3d900d}, {36a698b9-d67c-4e07-be82-0ec5b14b4df5}, crack software, cracked, djvu, encryption, fake apps, icacls, infostealer, keygen, malware, offline key, online key, Powershell, ransomware, salsa20, stop, syshelper, time trigger task, timetriggertask, Vidar, vilsel, Windows update

Credit to Author: Jayesh kulkarni| Date: Wed, 15 Jan 2020 14:13:09 +0000

With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data…

Security Sophos

Lemon_Duck PowerShell malware cryptojacks enterprise networks

October 1, 2019 admin Cryptojacking, cryptomining, EternalBlue, fileless, lemon_duck, Powershell, SMB, SophosLabs, SophosLabs Uncut

Credit to Author: rajeshnataraj| Date: Tue, 01 Oct 2019 04:01:09 +0000

SophosLabs are monitoring a significant spike in crypto mining attacks, which spread quickly across enterprise networks. Starting from a single infection, these attacks use a variety of malicious scripts that, eventually, turn an enterprise’s large pool of CPU resources into efficient cryptocurrency mining slaves. The threat actors behind these campaigns have been using an array […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/jF91Bgk0dso” height=”1″ width=”1″ alt=””/>

Microsoft Security

Deep learning rises: New methods for detecting malicious PowerShell

September 3, 2019 admin AI and machine learning, cybersecurity, deep learning, Endpoint security, machine learning, Microsoft Defender ATP, Microsoft security intelligence, Powershell, Security Intelligence, Threat protection

Credit to Author: Eric Avena| Date: Tue, 03 Sep 2019 16:00:03 +0000

We adopted a deep learning technique that was initially developed for natural language processing and applied to expand Microsoft Defender ATP’s coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector.

The post Deep learning rises: New methods for detecting malicious PowerShell appeared first on Microsoft Security .

Security Sophos

Alla ricerca di esecuzioni di PowerShell dannose con Intercept X

May 31, 2019 admin Intercept X, Powershell, Sophos Soluzioni

Credit to Author: Sophos Italia| Date: Thu, 02 May 2019 08:30:19 +0000

Intercept X Advanced con EDR ora è in grado di fermare tutte le esecuzioni di PowerShell in modo che possano essere controllate e analizzate<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/yVbV_8cXDmE” height=”1″ width=”1″ alt=””/>

Security Sophos

Searching for malicious PowerShell executions with Intercept X

April 24, 2019 admin EDR, Intercept X, Powershell, Sophos Products

Credit to Author: Seth Geftic| Date: Wed, 24 Apr 2019 15:22:50 +0000

Intercept X Advanced with EDR now captures all PowerShell executions so that they can be reviewed and analyzed.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/eJM7U_zUOS8″ height=”1″ width=”1″ alt=””/>

← Previous