Discover and read the best of Twitter Threads about #fileless
Most recents (2)
How do you detect a threat that:
- doesn’t touch the disk
- is loaded in the context of a legitimate process
- leaves no traces on the disk
Learn about the multiple techniques & technologies that Windows Defender ATP uses to block evasive fileless threats
msft.social/MC2D3B
- doesn’t touch the disk
- is loaded in the context of a legitimate process
- leaves no traces on the disk
Learn about the multiple techniques & technologies that Windows Defender ATP uses to block evasive fileless threats
msft.social/MC2D3B
Windows Defender ATP's automated investigation and response capabilities now cover memory-based/#fileless attacks. Read this post from @HeikeRitter to learn more: msft.social/2H5v8r 
More info about automated investigation and response in Windows Defender ATP here: msft.social/f3V5jG
Malicious HTML applications (.hta) hosted on compromised websites continue to plague the Internet, delivering malware payloads like #Kovter, which is known for its #fileless persistence techniques. Just this year, we’ve blocked these threats on almost 1M machines.
These malicious HTML applications typically use the file name FlashPlayer.hta. Newer versions use microsoft-patch.hta as a social engineering tactic and an attempt to avoid detection. Apart from file name, though, no other apparent update in the code.
#WindowsDefenderAV stops the attack kill chain using generic, behavioral, and contextual detections. It also leverages #AMSI to inspect PowerShell and other script types, even with multiple layers of obfuscation.
