Discover and read the best of Twitter Threads about #AMSI

Most recent (2)

Windows Defender ATP showed exceptional capabilities for detecting attacker techniques throughout APT3’s attack stages, registering the lowest number of misses among evaluated products. More insights from the MITRE evaluation here: msft.social/YKm7Yo
Signals from Azure ATP helped expose & enrich the detection of account discovery. This validates the strategic approach behind Microsoft Threat Protection: the most comprehensive protection comes from shared rich telemetry collected across the attack chain msft.social/YKm7Yo
The MITRE test highlighted the value of transparency: #AMSI enabled deep visibility into PowerShell scripts used in attacker techniques. Advanced ML-based detection capabilities in Windows Defender ATP used this visibility to expose the malicious scripts. msft.social/YKm7Yo
Read 3 tweets
Malicious HTML applications (.hta) hosted on compromised websites continue to plague the Internet, delivering malware payloads like #Kovter, which is known for its #fileless persistence techniques. Just this year, we’ve blocked these threats on almost 1M machines.
These malicious HTML applications typically use the file name FlashPlayer.hta. Newer versions use microsoft-patch.hta as a social engineering tactic and an attempt to avoid detection. Apart from file name, though, no other apparent update in the code.
#WindowsDefenderAV stops the attack kill chain using generic, behavioral, and contextual detections. It also leverages #AMSI to inspect PowerShell and other script types, even with multiple layers of obfuscation.
Read 4 tweets
