Badly behaving scripts


As browser and operating system security have improved, there has been a rise in conventional malware attacks that rely instead on social engineering. These socially engineered attacks often rely on emails containing script-based malware loaders such as JavaScript, Visual Basic Script, or HTA files. When run, these scripts are hosted by a Windows script execution engine and usually proceed to download and run malware such as ransomware. Versions of Windows 10 have behavior instrumentation in place for some of the script execution engines, which passes behavior observed during execution through the AMSI interface to the default installed security product for scanning. In this presentation, Geoff McDonald and Moustafa Saleh will present how they use this feature combined with machine learning in Windows Defender AV to protect against these attacks by pairing lightweight client behavior models with heavier real-time cloud models.
