I believe we used the CVE event a couple of years ago for a win32k vulnerability but I'd need to go dig it up. If this is useful for folks we'd love the feedback, especially if you are seeing the event get triggered by attackers. Will motivate us to use it more :-).
Yeah, there is at least one CVE ETW that we made a detection for in ATP.
The triggering API should be on MSDN. I think it includes the provider name. There are two possible events, one for kernel and one for user mode. Each one has only been used once thus far (the win32k bug + this crypt32 one).
Centralized documentation would be nice though. And happy new year @depletionmode!
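For defenders who want to see whether these events ever fire in their own environment, the following is an added example and not code posted by anyone in the thread. The provider name Microsoft-Windows-Audit-CVE, the Application log location and the CveEventWrite API name are taken from Microsoft's documentation rather than from the tweets, and the function name Get-AuditCveEvents is my own.

```powershell
# Added example (not from the thread): pull the Microsoft-Windows-Audit-CVE events that
# the user-mode CveEventWrite API and its kernel-mode counterpart write to the Application
# log, and flatten each event's EventData fields for triage or forwarding to a SIEM.
# Assumptions: provider/log names per Microsoft docs; Windows 10 / Server 2016 or later.
function Get-AuditCveEvents {
    param(
        [datetime]$Since = (Get-Date).AddDays(-7),
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Audit-CVE'
        StartTime    = $Since
    }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -ComputerName $ComputerName -ErrorAction Stop
    } catch {
        # Get-WinEvent raises an error when nothing matches; report that as an empty result.
        if ($_.Exception.Message -match 'No events were found') { return @() }
        throw
    }
    foreach ($e in $events) {
        # The payload lives under EventData/Data. Read the fields generically instead of
        # assuming their names, so the same code handles both the user- and kernel-mode event.
        $xml = [xml]$e.ToXml()
        $fields = [ordered]@{}
        foreach ($d in $xml.Event.EventData.Data) {
            $name = if ($d.Name) { $d.Name } else { "Field$($fields.Count)" }
            $fields[$name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            EventId     = $e.Id
            Computer    = $e.MachineName
            ProcessId   = $e.ProcessId
            Fields      = $fields
            Message     = $e.Message
        }
    }
}

# Example use: list everything that fired in the last 7 days, oldest first.
Get-AuditCveEvents | Sort-Object TimeCreated | Format-List
```

An empty result is the normal case on a patched host; any hit is worth correlating with the process that raised it, since the event only fires when a patched code path detects an exploitation attempt.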