kernel-mode attacks – Computer Security Articles

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

July 31, 2019 admin assertion engine, cybersecurity, hardware-based isolation, kernel-mode attacks, Microsoft Defender Advanced Threat Protection, Microsoft security intelligence, next generation protection, Privilege Escalation, runtime attestation, Security Intelligence, Threat protection, token swap, token theft, Windows Defender Antivirus, Windows Security

Credit to Author: Eric Avena| Date: Wed, 31 Jul 2019 16:30:35 +0000

The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.

The post How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection appeared first on Microsoft Security .

Microsoft Security

From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw

April 8, 2019 admin Blue Hat, cybersecurity, DoublePulsar, Endpoint security, exploit, kernel driver, kernel sensors, kernel-mode attacks, Microsoft Defender ATP, privlege escalation, responsible vulnerability disclosure, Vulnerability, Windows Defender ATP

Credit to Author: Eric Avena| Date: Mon, 25 Mar 2019 15:00:07 +0000

Our discovery of two privilege escalation vulnerabilities in a driver highlights the strength of Microsoft Defender ATP’s sensors. These sensors expose anomalous behavior and give SecOps personnel the intelligence and tools to investigate threats, as we did.

The post From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw appeared first on Microsoft Security .