bypass an attack surface reduction rule

Tricks and COMfoolery: How Ursnif Evades Detection

Posted on March 7, 2019 by Alex Holland

Ursnif is one of the main threats that is effectively evading detection right now (at publication) The dropper uses a COM technique to hide its process parentage WMI is used to bypass a Windows Defender attack surface reduction rule Fast evolution of d… Continue reading Tricks and COMfoolery: How Ursnif Evades Detection→