Using process creation properties to catch evasion techniques
Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 30 Jun 2022 13:30:00 +0000
We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques include process doppelganging, process herpadering, and process ghosting.
The post Using process creation properties to catch evasion techniques appeared first on Microsoft Security Blog.
Read more