16 matches found
DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense
DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense By Maulik Maheta and Chao Sun · April 14, 2026 Executive summary A DCSync attack is one of the most formidable techniques an adversary can deploy after gaining a foothold in an Active Directory AD environmen...
Analysis of active exploitation of SolarWinds Web Help Desk
The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...
Setup syslog for Splunk
You can now integrate Citrix ADM with Splunk to view analytics for WAF, Bot, and behavior-based violations in your Splunk dashboard. Splunk add-on enables you to: Combine all other external data sources. Provide greater visibility of analytics in a centralized place. Citrix ADM collects Bot, WAF,...
IBM QRadar Network Security Trust Management Issue Vulnerability
IBM QRadar Network Security is a network security manager from IBM, USA. used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats.IBM QRadar Network...
Behavior-based vs IOC-based Threat Detection Approaches: How to Prioritize?
By Waqas A core cybersecurity procedure usually includes running detection rules based on the Indicators of Compromise IOCs. However, the… This is a post from HackRead.com Read the original post: Behavior-based vs IOC-based Threat Detection Approaches: How to Prioritize?...
IBM QRadar Network Security Cross-Site Scripting Vulnerability (CNVD-2021-88187)
IBM QRadar Network Security is a network security manager from IBM, USA. It is used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats. A cross-site...
AntiVirus Evasion Techniques
Introduction Antivirus software looks for, detects, and eliminates viruses as well as other harmful software such as worms, trojans, adware, and others. Such programs are intended to be used as a preventative measure in cyber security, preventing threats from entering your computer and causing...
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat...
Seeing the big picture: Deep learning-based fusion of behavior signals for threat detection
The application of deep learning and other machine learning methods to threat detection on endpoints, email and docs, apps, and identities drives a significant piece of the coordinated defense delivered by Microsoft Threat Protection. Within each domain as well as across domains, machine learning...
Defending Exchange servers under attack
Securing Exchange servers is one of the most important things defenders can do to limit organizational exposure to attacks. Any threat or vulnerability impacting Exchange servers should be treated with the highest priority because these servers contain critical business data, as well as highly...
SNDBOX: AI-Powered Online Automated Malware Analysis Platform
Looking for an automated malware analysis software? Something like a 1-click solution that doesn't require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and...
Adwind RAT Scurries By AV Software With New DDE Variant
A newly-discovered spam campaign is spreading the Adwind 3.0 remote-access tool RAT – and using a fresh take on the Dynamic Data Exchange DDE code-injection technique for anti-virus evasion. The spam campaign features two types of droppers that leverage a new variant to the already-known DDE...
Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses
Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to...
Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’
Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run...
Google Adds New Behavior-Based Malware Scanner To Every Android Device
In order to keep its billions of users safe, Google has introduced another security defense for its Android devices, called Google Play Protect. Google Play Protect, which is part of the Google Play Store app, uses machine learning and app usage analysis to weed out the dangerous and malicious...
RKDetect - behaviour based rootkit detection utility
Rkdetect is a little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender. Tool very simply. It enumerates services on remote computer through WMI user level and Services Control Manager kernel level, compare result and display difference. In this...