Source |
McAfee Labs |
Identifier |
1165694 |
Publication date |
2019-06-20 16:00:01 (seen: 2019-06-20 19:00:56) |
Title |
In NTDLL I Trust – Process Reimaging and Endpoint Security Solution Bypass |
Text |
Process Reimaging Overview: The Windows Operating System has inconsistencies in how it determines process image FILE_OBJECT locations, which impacts non-EDR (Endpoint Detection and Response) Endpoint Security Solutions' (such as Microsoft Defender Realtime Protection) ability to detect the correct binaries loaded in malicious processes. This inconsistency has led McAfee's Advanced Threat Research to develop a new […]
|
Sent |
Yes |
Tags |
Threat
|