Skip to main content
Skip to main content
Microsoft
Security
Security
Security
Home
Solutions
Solutions overview
Secure remote work
Zero Trust
Identity & access management
Threat protection
Information protection
Cloud security
Products
App and email security
Microsoft Defender for Office 365
Microsoft Cloud App Security
Azure Key Vault
Azure Dedicated HSM
Compliance
Insider risk management
Information protection and governance
Endpoint security
Microsoft Defender for Endpoint
Microsoft Endpoint Manager
Microsoft Intune
Azure IoT Central
Azure Sphere
Identity and access management
Azure Active Directory
Microsoft Authenticator
Microsoft Defender for Identity
Network security
Azure Application Gateway
Azure VPN Gateway
Azure DDoS Protection
Azure Firewall manager
Azure Front-door
Azure Web Application Firewall
Security posture
Azure Security Center
Microsoft Secure Score
SIEM and XDR
Azure Sentinel
Microsoft 365 Defender
Azure Defender
SIEM and XDR overview
Operations
Partners
Partners Overview
Find a partner
Security Association
Government partners
Industry Alliances
Resources
Security fundamentals
Webcasts, whitepapers & more
Intelligence
Events
Security blog
Trust Center
Trust Center
Security
Privacy
Compliance
Service Trust Portal
More
All Microsoft
Microsoft 365
Azure
Office 365
Dynamics 365
Power Platform
Windows 10
Products & Services
Windows Server
Enterprise Mobility + Security
Power BI
Teams
Visual Studio
Microsoft Advertising
Emerging Technologies
AI
Internet of Things
Azure Cognitive Services
Quantum
Microsoft HoloLens
Mixed Reality
Developer & IT
Docs
Developer Center
Windows Dev Center
Windows IT Pro Center
FastTrack
Power Platform
Partner
Partner Network
Solution Providers
Partner Center
Cloud Hosting
Industries
Education
Financial services
Government
Health
Manufacturing & resources
Retail
Other
Security
Licensing
AppSource
Azure Marketplace
Events
Research
View Sitemap
Search
Search Microsoft.com
Cancel
Sign in
Author: Microsoft Defender ATP Research Team
Featured image for Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
August 27, 2020
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
Microsoft Defender ATP leverages AMSI’s visibility into scripts and harnesses the power of machine learning to detect and stop post-exploitation activities that largely rely on scripts.
Read more
Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
Featured image for Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
July 23, 2020
Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
Learn how we're using deep learning to build a powerful, high-precision classification model for long sequences of wide-ranging signals occurring at different times.
Read more
Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
Featured image for Defending Exchange servers under attack
June 24, 2020
Defending Exchange servers under attack
Exchange servers are high-value targets. These attacks also tend to be advanced threats with highly evasive, fileless techniques. Keeping these servers safe from these advanced attacks is of utmost importance.
Read more
Defending Exchange servers under attack
Featured image for Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
March 23, 2020
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Astaroth is back sporting significant changes. The updated attack chain maintains Astaroth’s complex, multi-component nature and continues its pattern of detection evasion.
Read more
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Featured image for Behavioral blocking and containment: Transforming optics into protection
March 9, 2020
Behavioral blocking and containment: Transforming optics into protection
Behavioral blocking and containment capabilities leverage multiple Microsoft Defender ATP components and features to immediately stop attacks before they can progress. We have expanded these capabilities to get even broader visibility into malicious behavior by using a rapid protection loop engine that leverages endpoint and detection response (EDR) sensors.
Read more
Behavioral blocking and containment: Transforming optics into protection
Featured image for Ghost in the shell: Investigating web shell attacks
February 4, 2020
Ghost in the shell: Investigating web shell attacks
Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.
Read more
Ghost in the shell: Investigating web shell attacks
Featured image for sLoad launches version 2.0, Starslord
January 21, 2020
sLoad launches version 2.0, Starslord
sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine.
Read more
sLoad launches version 2.0, Starslord
Featured image for Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
December 18, 2019
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
Microsoft Defender ATP data scientists and threat hunters collaborate to use a data science-driven approach to detecting RDP brute force attacks to protect customers against real-world threats.
Read more
Data science for cybersecurity: A probabilistic time series model for detecting RDP inbound brute force attacks
December 12, 2019
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS.
Read more
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
Featured image for Insights from one year of tracking a polymorphic threat
November 26, 2019
Insights from one year of tracking a polymorphic threat
We discovered the polymoprhic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures. One year’s worth of intelligence helped us gain insight not only into the goals and motivations of Dexphot’s authors, but of cybercriminals in general.
Read more
Insights from one year of tracking a polymorphic threat
1
2
3
…
15
Next
