Demo 2/6 - MS Defender ATP - Deliver Malware
Author: Ammar Hasayen
Uploaded: 2019-05-24
Views: 586
Attacks that introduce file-based malware using socially engineered email are quite common. Recipients are tricked into launching a backdoor that gives attackers control over what is now a compromised machine.
This demo simulates attacks that are launched using a socially engineered Word document in a spear-phishing email. The attack is designed to ensure that the receiver doesn't suspect a thing and unwittingly opens the document. The document, however, is weaponized with crafted macro code that silently drops and loads an executable file onto the machine. The executable then writes to a registry Run key and creates a scheduled task, both commonly known auto-start extensibility points (ASEPs).
After the attack finishes, we can explore and understand how Microsoft Defender ATP detects the attack and enables prompt investigation and response.
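The chain described above (an Office process writes an executable, which then touches a Run key or creates a scheduled task) can be correlated from endpoint telemetry. The following is an added example, not code from the demo and not Microsoft Defender ATP's detection logic; the event schema, paths and task name are constructed, and it assumes the scheduled task is created through `schtasks.exe`.

```python
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
DROP = r"C:\Users\demo\AppData\Local\Temp\sample.exe"  # constructed path

# Constructed, time-ordered telemetry in a hypothetical schema:
# actor = initiating process image, target = file / registry key / child image.
EVENTS = [
    {"type": "file_create", "actor": r"C:\Office\WINWORD.EXE", "target": DROP},
    {"type": "process", "actor": r"C:\Office\WINWORD.EXE", "target": DROP},
    {"type": "registry_set", "actor": DROP,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "process", "actor": DROP, "target": r"C:\Windows\System32\schtasks.exe",
     "cmdline": "schtasks.exe /create /tn DemoTask"},
    # Benign noise: an installer that Office did not write sets a Run key.
    {"type": "registry_set", "actor": r"C:\Apps\setup.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    # An Office-written executable that never touches an ASEP.
    {"type": "file_create", "actor": r"C:\Office\EXCEL.EXE", "target": r"C:\Temp\addin.exe"},
]

def base(path):
    """Lowercased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()

def correlate(events):
    """Map each Office-dropped executable to the ASEP kinds it later touched."""
    dropped = {}
    for ev in events:
        actor = ev["actor"].lower()
        if (ev["type"] == "file_create" and base(actor) in OFFICE
                and ev["target"].lower().endswith(".exe")):
            dropped.setdefault(ev["target"].lower(), [])
        elif actor in dropped:
            if ev["type"] == "registry_set" and RUN_KEY.search(ev["target"]):
                dropped[actor].append("run_key")
            elif (ev["type"] == "process" and base(ev["target"]) == "schtasks.exe"
                    and "/create" in ev.get("cmdline", "").lower()):
                dropped[actor].append("scheduled_task")
    return dropped

def alerts(events):
    """Dropped executables that went on to register at least one ASEP."""
    return sorted(p for p, kinds in correlate(events).items() if kinds)

if __name__ == "__main__":
    print(alerts(EVENTS))
```

Requiring both conditions (written by an Office process and later registering persistence) is what keeps the installer and the inert dropped file out of the alert list.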
I was honored to be speaking at the first Security BSides Conference in Amman, Jordan [20 April 2019 – ASU]. As requested by many attendees, I am making this session available online and the slides available on SlideShare.
The slides are available on SlideShare here:
https://www.slideshare.net/ammarhasay...
This is part of a full session I presented at the BSides Amman Security Conference.
• Security BSides Amman 2019 - Advanced Wind...
Connect with me
----------------------------
About me: https://me.ahasayen.com
Blog: https://blog.ahasayen.com
Twitter: / ammarhasayen
LinkedIn: / ammarhasayen
Instagram: / ammarhasayen
SlideShare: https://www.slideshare.net/ammarhasayen
Learn more about BSides Amman
/ bsidesamman
View my Pluralsight course: Implementing Azure AD Privileged Identity Management
https://www.pluralsight.com/courses/m...