This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.

Remove Data preservation Remove Software Remove Whitepaper Related Topics
Antivirus Encryption Engineering More Related Topics >
article thumbnail

Reverse, Reveal, Recover: Windows Defender Quarantine Forensics

Fox IT

DECEMBER 13, 2023

Introduction During incident response engagements we often encounter antivirus applications that have rightfully triggered on malicious software that was deployed by threat actors. Pivotting off of public scripts and Bauch’s whitepaper, we loaded mpengine.dll into IDA to further review how Windows Defender places a file into quarantine.

Encryption 129
Encryption Antivirus Engineering Data preservation 129
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 29,000+ Insiders by signing up for our newsletter

About
Webinars
About
Editions
Webinars
Editions
Topics
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy
© Aggregage 2024