Reflective DLL loading – Computer Security Articles

Detecting credential theft through memory access modelling with Microsoft Defender ATP

May 24, 2019 admin credential dumping, credential theft, cybersecurity, Endpoint security, fileless, in-memory attacks, lateral movement, living-off-the-land, LSASS, lsass.exe, memory access modelling, Microsoft Defender ATP, Reflective DLL loading, Targeted Attacks, Windows Security

Credit to Author: Eric Avena| Date: Thu, 09 May 2019 17:29:45 +0000

Microsoft Defender ATP instruments memory-related function calls such as VirtualAlloc and VirtualProtect to catch in-memory attack techniques like reflective DLL loading. The same signals can also be used to generically detect malicious credential dumping activities performed by a wide range of different individual tools.

The post Detecting credential theft through memory access modelling with Microsoft Defender ATP appeared first on Microsoft Security .

Microsoft Security

Now you see me: Exposing fileless malware

January 24, 2018 admin cybersecurity, fileless malware, malware research, Powershell, Reflective DLL loading, research, script-based attacks, Windows 10, Windows 10 S, Windows Defender Antivirus, Windows Defender ATP, Windows Defender AV, Windows Defender Exploit Guard

Credit to Author: Windows Defender ATP| Date: Wed, 24 Jan 2018 14:00:21 +0000

Attackers are determined to circumvent security defenses using increasingly sophisticated techniques. Fileless malware boosts the stealth and effectiveness of an attack, and two of last years major ransomware outbreaks (Petya and WannaCry) used fileless techniques as part of their kill chains. The idea behind fileless malware is simple: If tools already exist on a device