Ghost in the shell: Investigating web shell attacks
Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.
Cyberattacker techniques, tools, and infrastructure
Cyberattackers constantly evolve their techniques, tools, and infrastructure to launch increasingly complex attacks. Learn about the latest tactics and how to detect, disrupt, and defend against them.
Refine results
Topic
Products and services
Publish date
Simplify endpoint management with Microsoft Intune
Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.
-
-
sLoad launches version 2.0, Starslord
sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine. -
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
Microsoft Defender ATP data scientists and threat hunters collaborate to use a data science-driven approach to detecting RDP brute force attacks to protect customers against real-world threats. -
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. Secure and verify every identity with Microsoft Entra
Microsoft Entra expands beyond identity and access management with new product categories such as cloud infrastructure entitlement management (CIEM) and decentralized identity.
-
GALLIUM: Targeting global telecom
Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. -
In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks
Two new machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender ATP specialize in detecting threats by analyzing behavior, adding new layers of protection after an attack has started running. -
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
A new fileless malware campaign we dubbed Nodersok delivers two very unusual LOLBins to turn infected machines into zombie proxies. -
Protect against BlueKeep
DART offers steps you can take to protect your network from BlueKeep, the “wormable” vulnerability that can create a large-scale outbreak due to its ability to replicate and propagate. Prevent threats with Microsoft Defender
The Microsoft Defender family offers comprehensive threat prevention, detection, and response capabilities for everyone—from individuals looking to protect their family to the world’s largest enterprises.
-
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that run the info-stealing backdoor Astaroth directly in memory -
Detecting credential theft through memory access modelling with Microsoft Defender ATP
Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. -
From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw
Our discovery of two privilege escalation vulnerabilities in a driver highlights the strength of Microsoft Defender ATP’s sensors. -
Recommendations for deploying the latest Attack surface reduction rules for maximum impact
Attack surface reduction is a technique to remove or constrain exploitable behaviors in your systems.
