Tanmay Ganacharya

Sample Microsoft Defender ATP alerts related to web shell attackspic.twitter.com/tf1kwAodp0

Multiple threat actors, including ZINC, KRYPTON, and GALLIUM, have been observed utilizing web shells in their campaigns. Microsoft Defender Advanced Threat Protection (ATP) detects an average of 77,000 web shell and related artifacts on an average of 46,000 distinct machines.pic.twitter.com/HPlOjOuwS2

Read about our investigation of web shell attacks, which allow adversaries to run commands and steal data from vulnerable or misconfigured Internet-facing servers, or to use the compromised servers as launch pads for further attacks. https://www.microsoft.com/security/blog/2020/02/04/ghost-in-the-shell-investigating-web-shell-attacks/ …pic.twitter.com/VXD2aZpXHy

Enable PUA protection in Chromium-based Microsoft Edge From the tool bar, select Settings and more > Settings. Select Privacy and services. Under the Services section, you can toggle Potentially unwanted app blocking on or off.pic.twitter.com/RiEE0GI38Y

Potentially unwanted applications (PUA) are not considered malware, but they might perform actions on endpoints which adversely affect endpoint performance or use. We are adding protection against such PUA downloads in the next version of Microsoft Edge via Defender SmartScreen.pic.twitter.com/AMUqXhq8WN

Dudear is back in operations after a short break. More details: https://twitter.com/MsftSecIntel/status/1222995250911703041 …pic.twitter.com/ERj6Fn9YKz

sLoad, the PowerShell-based Trojan downloader notable for its almost exclusive use of the Background Intelligent Transfer Service (BITS) for malicious activities, has launched version 2.0. Read about what's changed in our new blog: https://www.microsoft.com/security/blog/2020/01/21/sload-launches-version-2-0-starslord/ …pic.twitter.com/NVGb7eKg5t

In-depth analysis of PowerShell-based downloader Trojan sLoad, which uses the Background Intelligent Transfer Service (BITS) almost exclusively as alternative protocol for data exfiltration and most of its other malicious activities Details: https://www.microsoft.com/security/blog/2019/12/12/multi-stage-downloader-trojan-sload-abuses-bits-almost-exclusively-for-malicious-activities/ …pic.twitter.com/7gqdW48N6b

Microsoft Security—a Leader in 5 Gartner Magic Quadrants Endpoint Protection Platforms Cloud Access Security Broker (CASB) solutions Access Management Enterprise Information Archiving Unified Endpoint Management (UEM) tools Details: https://www.microsoft.com/security/blog/2019/12/03/microsoft-security-leader-5-gartner-magic-quadrants/ …pic.twitter.com/yVp1gPAudJ

Combination of rich campaign analysis, paired with powerful tools like Threat Explorer & Threat Trackers can help organizations comprehensively improve their security posture, remediate issues & drive more thorough investigation, hunting & response to help secure the organizationpic.twitter.com/P3fVAhH706

Introducing campaign views in Office 365 Advanced Threat Protection The additional context and visibility available in these campaign views provide the full story of how attackers targeted the organization and its users and how their defenses held up (or not).pic.twitter.com/M2u8PWOQDZ

Our popular advanced hunting tool allows customers to perform free-form investigations using a powerful query engine. Now, customers can use this capability to search for threats across macOS devices, exploring up to 30 days of raw datapic.twitter.com/pPUquM9uGk

With MDATP for Mac, customers can better protect macOS endpoints, get these machines onboarded in the same portal as their Windows devices & expand the single pane of glass experience to include macOS-related alerts.pic.twitter.com/evmKTcbEob