Microsoft

Happy Monday, folks! Check out this awesome new blog post from the WDATP Research team, on unearthing script-based attacks with the combined power of WDATP and the Anti-Malware Scan Interface (AMSI):


https://blogs.technet.microsoft.com/mmpc/2017/12/04/windows-defender-atp-machine-learning-and-amsi-u...


[Image: Process tree augmented by instrumentation for AMSI data]