Microsoft Defender Security Research Team, Author at Microsoft Security Blog

Cybersecurity
July 18, 2017
6 min read

Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware

For cybercriminals, speed is the name of the game.

Cybersecurity
July 12, 2017
6 min read

Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing

Advanced cyberattacks emphasize stealth and persistence: the longer they stay under the radar, the more they can move laterally, exfiltrate data, and cause damage.

Cloud Access Security Broker
June 30, 2017
8 min read

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

On May 12, there was a major outbreak of WannaCrypt ransomware.

Cybersecurity
June 27, 2017
10 min read

New ransomware, old techniques: Petya adds worm capabilities

On June 27, 2017 reports of a ransomware infection began spreading across Europe.

Cybersecurity
June 16, 2017
8 min read

Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits.

Cybersecurity
May 12, 2017
9 min read

WannaCrypt ransomware worm targets out-of-date systems

In this blog, we provide an early analysis of the end-to-end ransomware attack.

Sample TechBrolo site with dialogue loop and fake support number.

Cybersecurity
April 3, 2017
23 min read

Tech support scams persist with increasingly crafty techniques

Technical support scams continue to evolve, employing more and more complex social engineering tactics that can increase panic and create a false sense of legitimacy or urgency in an effort to get more victims.

Cybersecurity
March 27, 2017
6 min read

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

On March 14, 2017, Microsoft released security bulletin MS17-013 to address CVE-2017-0005, a vulnerability in the Windows Win32k component that could potentially allow elevation of privileges.

Cybersecurity
March 8, 2017
7 min read

Uncovering cross-process injection with Windows Defender ATP

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity.

You can detect that the fake browser is different from the real one

Cybersecurity
March 2, 2017
4 min read

Breaking down a notably sophisticated tech support scam M.O.

The cornerstone of tech support scams is the deception that there is something wrong with your PC.

Cybersecurity
January 26, 2017
5 min read

Phishers unleash simple but effective social engineering techniques using PDF attachments

The Gmail phishing attack is reportedly so effective that it tricks even technical users, but it may be just the tip of the iceberg.

Cybersecurity
December 14, 2016
3 min read

Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe

Targeted attacks are typically carried out against individuals to obtain intellectual property and other valuable data from target organizations.

Microsoft Defender Security Research Team posts