What’s new in Windows Defender ATP Fall Creators Update

Discussion in 'other anti-malware software' started by ronjor, Jun 27, 2017.

  1. ronjor (Global Moderator)

    Joined: Jul 21, 2003
    Posts: 61,211
    Location: Texas

    Detecting reflective DLL loading with Windows Defender ATP
     
  2. Rasheed187 (Registered Member)

    Joined: Jul 10, 2004
    Posts: 9,726
    Location: The Netherlands

    Very interesting article, this also shows how sneaky "reflective DLL loading" really is.

    Windows Defender ATP seems to be a pretty decent tool. :thumb:
     
  3. itman (Registered Member)

    Joined: Jun 22, 2010
    Posts: 5,366
    Location: U.S.A.

    I have a test user mode DoublePulsar reflective loader I can point anyone to if they want to test WD ATP using it. It doesn't physically inject the memory of the targeted process. Rather it hooks a thread into the targeted process and runs the .dll from the attack process.
     