Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation

Credit to Author: Eric Avena| Date: Thu, 11 Jun 2020 17:00:05 +0000

Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.

The post Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation appeared first on Microsoft Security.

Read more

How I learned to stop worrying and love ‘grey hat’ tools

Credit to Author: Tad Heppner| Date: Tue, 25 Feb 2020 13:45:19 +0000

A comprehensive security solution needs a sense of subtlety: not all machine code lends itself to be classified easily as malicious. As with most things in life, there&#8217;s a grey area in malware detection that includes hacking tools, poorly designed or easily exploitable applications, or borderline adware that provides little benefit to the unfortunate user [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/TR1pieWZO1k” height=”1″ width=”1″ alt=””/>

Read more

STOP (Djvu) Ransomware: Ransom For Your Shady Habits!

Credit to Author: Jayesh kulkarni| Date: Wed, 15 Jan 2020 14:13:09 +0000

With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data…

Read more

Lemon_Duck PowerShell malware cryptojacks enterprise networks

Credit to Author: rajeshnataraj| Date: Tue, 01 Oct 2019 04:01:09 +0000

SophosLabs are monitoring a significant spike in crypto mining attacks, which spread quickly across enterprise networks. Starting from a single infection, these attacks use a variety of malicious scripts that, eventually, turn an enterprise&#8217;s large pool of CPU resources into efficient cryptocurrency mining slaves. The threat actors behind these campaigns have been using an array [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/jF91Bgk0dso” height=”1″ width=”1″ alt=””/>

Read more

Deep learning rises: New methods for detecting malicious PowerShell

Credit to Author: Eric Avena| Date: Tue, 03 Sep 2019 16:00:03 +0000

We adopted a deep learning technique that was initially developed for natural language processing and applied to expand Microsoft Defender ATP’s coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector.

The post Deep learning rises: New methods for detecting malicious PowerShell appeared first on Microsoft Security.

Read more