What’s new in Windows Defender ATP Fall Creators Update

Discussion in 'other anti-malware software' started by ronjor, Jun 27, 2017.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    64,332
    Location:
    Texas
    Detecting reflective DLL loading with Windows Defender ATP
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    10,536
    Location:
    The Netherlands
    Very interesting article, this also shows how sneaky "reflective DLL loading" really is.

    Windows Defender ATP seems to be a pretty decent tool. :thumb:
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    6,466
    Location:
    U.S.A.
    I have a test user mode DoublePulsar reflective loader I can point anyone to if they want to test WD ATP using it. It doesn't physically inject the memory of the targeted process. Rather it hooks a thread into the targeted process and runs the .dll from the attack process.
     