Author: Microsoft Defender Security Research Team
August 27, 2020
• 6 min read
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.
July 23, 2020
• 11 min read
Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
Learn how we're using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.
June 24, 2020
• 12 min read
Defending Exchange servers under attack
Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques. Keeping these servers safe from these advanced attacks is of utmost importance.
March 23, 2020
• 6 min read
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
March 9, 2020
• 6 min read
Behavioral blocking and containment: Transforming optics into protection
Behavioral blocking and containment capabilities leverage multiple Microsoft Defender ATP components and features to immediately stop attacks before they can progress. We have expanded these capabilities to get even broader visibility into malicious behavior by using a rapid protection loop engine that leverages endpoint detection and response (EDR) sensors.
February 4, 2020
• 5 min read
Ghost in the shell: Investigating web shell attacks
Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.
January 21, 2020
• 5 min read
sLoad launches version 2.0, Starslord
sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine.
December 18, 2019
• 13 min read
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
Microsoft Defender ATP data scientists and threat hunters collaborate to use a data science-driven approach to detecting RDP brute force attacks to protect customers against real-world threats.
December 12, 2019
• 8 min read
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS.
November 26, 2019
• 11 min read
Insights from one year of tracking a polymorphic threat
We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.