Research on how attackers abuse legitimate Microsoft tools and Windows features.
Attackers can leverage legitimate Microsoft signed binaries to load and inject malicious DLLs into running processes, effectively bypassing application whitelisting and endpoint security.
Advanced malware can execute PowerShell commands without ever calling powershell.exe, effectively bypassing many endpoint security solutions. This research explores the techniques used and how to …
Dynamic Data Exchange (DDE) is a legitimate Microsoft Office feature that attackers exploit to execute arbitrary commands without requiring macro-enabled documents.
Microsoft HTML Application Host (mshta.exe) and other HTML interpreters can be leveraged by attackers to execute malicious scripts while evading traditional security controls.