Lucene search
K

16 matches found

Trellix
Trellix
added 2026/04/14 12:0 a.m.6 views

DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense

DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense By Maulik Maheta and Chao Sun · April 14, 2026 Executive summary A DCSync attack is one of the most formidable techniques an adversary can deploy after gaining a foothold in an Active Directory AD environmen...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/02/07 1:8 a.m.12 views

Analysis of active exploitation of SolarWinds Web Help Desk

The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...

9.8CVSS9.6AI score0.8833EPSS
Exploits5
Citrix
Citrix
added 2023/01/13 12:0 a.m.8 views

Setup syslog for Splunk

You can now integrate Citrix ADM with Splunk to view analytics for WAF, Bot, and behavior-based violations in your Splunk dashboard. Splunk add-on enables you to: Combine all other external data sources. Provide greater visibility of analytics in a centralized place. Citrix ADM collects Bot, WAF,...

7AI score
Exploits0
CNVD
CNVD
added 2022/07/22 12:0 a.m.28 views

IBM QRadar Network Security Trust Management Issue Vulnerability

IBM QRadar Network Security is a network security manager from IBM, USA. used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats.IBM QRadar Network...

5CVSS2.8AI score0.00778EPSS
Exploits0Affected Software1
HackRead
HackRead
added 2022/03/15 5:9 p.m.15 views

Behavior-based vs IOC-based Threat Detection Approaches: How to Prioritize?

By Waqas A core cybersecurity procedure usually includes running detection rules based on the Indicators of Compromise IOCs. However, the… This is a post from HackRead.com Read the original post: Behavior-based vs IOC-based Threat Detection Approaches: How to Prioritize?...

2.7AI score
Exploits0
CNVD
CNVD
added 2021/11/12 12:0 a.m.15 views

IBM QRadar Network Security Cross-Site Scripting Vulnerability (CNVD-2021-88187)

IBM QRadar Network Security is a network security manager from IBM, USA. It is used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. A cross-site...

5.4CVSS5.3AI score0.0048EPSS
Exploits0References1
hivepro
hivepro
added 2021/09/09 10:18 a.m.25 views

AntiVirus Evasion Techniques

Introduction Antivirus software looks for, detects, and eliminates viruses as well as other harmful software such as worms, trojans, adware, and others. Such programs are intended to be used as a preventative measure in cyber security, preventing threats from entering your computer and causing...

0.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/12/10 5:0 p.m.115 views

Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat...

7.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/07/23 4:0 p.m.28 views

Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection

The application of deep learning and other machine learning methods to threat detection on endpoints, email and docs, apps, and identities drives a significant piece of the coordinated defense delivered by Microsoft Threat Protection. Within each domain as well as across domains, machine learning...

7.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2020/06/24 4:0 p.m.3646 views

Defending Exchange servers under attack

Securing Exchange servers is one of the most important things defenders can do to limit organizational exposure to attacks. Any threat or vulnerability impacting Exchange servers should be treated with the highest priority because these servers contain critical business data, as well as highly...

9CVSS0.3AI score0.99965EPSS
Exploits30
The Hacker News
The Hacker News
added 2018/12/05 10:58 a.m.130 views

SNDBOX: AI-Powered Online Automated Malware Analysis Platform

Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and...

7.7AI score
Exploits0
ThreatPost
ThreatPost
added 2018/09/24 5:13 p.m.29 views

Adwind RAT Scurries By AV Software With New DDE Variant

A newly-discovered spam campaign is spreading the Adwind 3.0 remote-access tool RAT – and using a fresh take on the Dynamic Data Exchange DDE code-injection technique for anti-virus evasion. The spam campaign features two types of droppers that leverage a new variant to the already-known DDE...

0.8AI score
Exploits0References3
Microsoft Malware Protection
Microsoft Malware Protection
added 2017/12/11 1:58 p.m.47 views

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...

6.6AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2017/12/04 2:0 p.m.2127 views

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...

9.3CVSS8AI score0.88698EPSS
Exploits14
The Hacker News
The Hacker News
added 2017/05/19 9:41 p.m.17 views

Google Adds New Behavior-Based Malware Scanner To Every Android Device

In order to keep its billions of users safe, Google has introduced another security defense for its Android devices, called Google Play Protect. Google Play Protect, which is part of the Google Play Store app, uses machine learning and app usage analysis to weed out the dangerous and malicious...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2004/09/08 12:0 a.m.61 views

RKDetect - behaviour based rootkit detection utility

Rkdetect is a little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender. Tool very simply. It enumerates services on remote computer through WMI user level and Services Control Manager kernel level, compare result and display difference. In this...

0.7AI score
Exploits0References2
Rows per page
Query Builder