Author: windows-defender-research
December 12, 2019
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS.
November 26, 2019
Insights from one year of tracking a polymorphic threat
We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
November 7, 2019
Microsoft works with researchers to detect and protect against new RDP exploits
The new exploit attacks show that BlueKeep will be a threat as long as systems remain unpatched, credential hygiene is not achieved, and overall security posture is not kept in check.
October 8, 2019
In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks
Two new machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender ATP specialize in detecting threats by analyzing behavior, adding new layers of protection after an attack has started running.
September 26, 2019
Bring your own LOLBin: Multi-stage, fileless Nodersok campaign delivers rare Node.js-based malware
A new fileless malware campaign we dubbed Nodersok delivers two very unusual LOLBins to turn infected machines into zombie proxies.
August 8, 2019
From unstructured data to actionable intelligence: Using machine learning for threat intelligence
Machine learning and natural language processing can automate the processing of unstructured text for insightful, actionable threat intelligence.
August 7, 2019
A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response
Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed a fix, all while learning important lessons that we can share with the industry.
July 31, 2019
How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection
The deep integration of Windows Defender Antivirus with hardware-based isolation capabilities allows the detection of artifacts of attacks that tamper with kernel-mode agents at the hypervisor level.
July 25, 2019
New machine learning model sifts through the good to unearth the bad in evasive malware
Most machine learning models are trained on a mix of malicious and clean features. Attackers routinely try to throw these models off balance by stuffing clean features into malware. Monotonic models are resistant against adversarial attacks because they are trained differently: they only look for malicious features. The magic is this: Attackers can’t evade a monotonic model by adding clean features. To evade a monotonic model, an attacker would have to remove malicious features.
July 8, 2019
Dismantling a fileless campaign: Microsoft Defender ATP’s Antivirus exposes Astaroth attack
Advanced technologies in Microsoft Defender ATP’s Antivirus exposed and defeated a widespread fileless campaign that completely “lived off the land” throughout a complex attack chain that ran the info-stealing backdoor Astaroth directly in memory.