Saturday, May 4, 2024
Latest:

behavioral blocking and containment

Microsoft Secure 

Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning

TH Author , , , , , , , , , , , ,

Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.
The post Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Defending Exchange servers under attack

TH Author , , , , , , ,

Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques. Keeping these servers safe from these advanced attacks is of utmost importance.
The post Defending Exchange servers under attack appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

TH Author , , , , , , , , , , , , ,

Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
The post Latest Astaroth living-off-the-land attacks are even more invisible but not less observable appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Behavioral blocking and containment: Transforming optics into protection

TH Author , , , , , , , , , , , , ,

Behavioral blocking and containment capabilities leverage multiple Microsoft Defender ATP components and features to immediately stop attacks before they can progress. We have expanded these capabilities to get even broader visibility into malicious behavior by using a rapid protection loop engine that leverages endpoint and detection response (EDR) sensors.
The post Behavioral blocking and containment: Transforming optics into protection appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

Insights from one year of tracking a polymorphic threat

TH Author , , , , , , ,

We discovered the polymoprhic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
The post Insights from one year of tracking a polymorphic threat appeared first on Microsoft Security. READ MORE HERE…

Read more
Microsoft Secure 

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

TH Author , , , , , , , , , , ,

Two new machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender ATP specialize in detecting threats by analyzing behavior, adding new layers of protection after an attack has started running.
The post In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks appeared first on Microsoft Security. READ MORE HERE…

Read more