Select Page
clipboard_image_4.png

Hyper-V Powering Windows Features

December 2019 Hyper-V is Microsoft’s hardware virtualization technology that initially released with Windows Server 2008 to support server virtualization and has since become a core component of many Microsoft products and features. These features range from enhancing security to empowering ... continue reading
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of ... continue reading
Image showing "Signers" using in the credential dumping tool signed using a stolen Whizzimo, LLC certificate.

GALLIUM: Targeting global telecom

Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need ... continue reading
Timeline of evolution of Dexphot malware

Insights from one year of tracking a polymorphic threat

A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every ... continue reading
In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks

Our experience in detecting and blocking threats on millions of endpoints tells us that attackers will stop at nothing to circumvent protections. Even one gap in security can be disastrous to an organization. At Microsoft, we don’t stop finding new ... continue reading
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware

We’ve discussed the challenges that fileless threats pose in security, and how Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) employs advanced strategies to defeat these sophisticated threats. Part of the slyness of fileless malware is their use of living-off-the-land ... continue reading
Screenshot of the Morphisec Moving Target Defense dashboard.

Improve security and simplify operations with Windows Defender Antivirus + Morphisec

My team at Morphisec (a Microsoft Intelligent Security Association (MISA) partner) often talks with security professionals who are well-informed about the latest cyberthreats and have a longterm security strategy. The problem many of them face is how to create a ... continue reading
How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

Detecting and stopping attacks that tamper with kernel-mode agents at the hypervisor level is a critical component of the unified endpoint protection platform in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). It’s not without challenges, but the deep integration ... continue reading
Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack

The prevailing perception about fileless threats, among the security industry’s biggest areas of concern today, is that security solutions are helpless against these supposedly invincible threats. Because fileless attacks run the payload directly in memory or leverage legitimate system tools ... continue reading
Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

Inside out: Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection

While Windows Defender Antivirus makes catching 5 billion threats on devices every month look easy, multiple advanced detection and prevention technologies work under the hood to make this happen. Windows Defender Antivirus is the next-generation protection component of Microsoft Defender ... continue reading