Discover and read the best of Twitter Threads about #fileless


How do you detect a threat that:
- doesn’t touch the disk
- is loaded in the context of a legitimate process
- leaves no traces on the disk
Learn about the multiple techniques & technologies that Windows Defender ATP uses to block evasive fileless threats
msft.social/MC2D3B
Windows Defender ATP's automated investigation and response capabilities now cover memory-based/#fileless attacks. Read this post from @HeikeRitter to learn more: msft.social/2H5v8r
More info about automated investigation and response in Windows Defender ATP here: msft.social/f3V5jG
Malicious HTML applications (.hta) hosted on compromised websites continue to plague the Internet, delivering malware payloads like #Kovter, which is known for its #fileless persistence techniques. Just this year, we’ve blocked these threats on almost 1M machines.
These malicious HTML applications typically use the file name FlashPlayer.hta. Newer versions use microsoft-patch.hta as a social engineering tactic and an attempt to avoid detection. Apart from the file name, though, there is no other apparent update in the code.
#WindowsDefenderAV stops the attack kill chain using generic, behavioral, and contextual detections. It also leverages #AMSI to inspect PowerShell and other script types, even with multiple layers of obfuscation.
