lateral movement – Computer Security Articles

Detecting credential theft through memory access modelling with Microsoft Defender ATP

May 24, 2019 admin credential dumping, credential theft, cybersecurity, Endpoint security, fileless, in-memory attacks, lateral movement, living-off-the-land, LSASS, lsass.exe, memory access modelling, Microsoft Defender ATP, Reflective DLL loading, Targeted Attacks, Windows Security

Credit to Author: Eric Avena| Date: Thu, 09 May 2019 17:29:45 +0000

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.

The post Detecting credential theft through memory access modelling with Microsoft Defender ATP appeared first on Microsoft Security .