New Microsoft Defender feature makes Hacked Accounts Work against Hackers
<blockquote data-quote="Brianwill" data-source="post: 191" data-attributes="member: 15"><p>This option is several steps ahead of hackers and leaves them no chance to attack.</p><p></p><p>Microsoft introduced a new Defender for Endpoint feature called "Contain User" to automatically interrupt attacks, which isolates compromised user accounts and blocks lateral movement in hands-on-keyboard attacks. The new option is available in the public preview version.</p><p></p><p>In incidents such as ransomware attacks, attackers break into networks, perform lateral movement after privilege escalation using stolen accounts, and deploy malicious loads.</p><p></p><p><img src="https://www.securitylab.ru/upload/medialibrary/d69/uo4f9eyc92tzqq115fl30ad9rv95n72v.png" alt="uo4f9eyc92tzqq115fl30ad9rv95n72v.png" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p><em>Displaying an isolated user in the Microsoft Defender control panel</em></p><p></p><p>According to Microsoft representatives, Defender for Endpoint now prevents cybercriminals from trying to break into victims' on-premises or cloud IT infrastructure by temporarily isolating compromised user accounts (so-called "suspicious identities") that hackers can use to achieve their goals, including lateral movement, credential theft, data exfiltration, remote file encryption, etc.</p><p></p><p>The function will be active by default and will detect if the compromised user has any communication with another endpoint, and immediately terminate all incoming and outgoing connections between them.</p><p></p><p><img src="https://i.ytimg.com/vi/dMIvouN-nQE/maxresdefault.jpg?sqp=-oaymwEmCIAKENAF8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGDUgUSh_MA8=&rs=AOn4CLD9Dz4WpfCDJyz3aBLxswMjzPLOgA" alt="www.youtube.com" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>According to Microsoft, when the initial stages of an attack are detected on an endpoint using Microsoft 365 Defender, the automatic attack abort feature will block the attack on that device. At the same time, Defender for Endpoint "grafts" all other devices in the organization, blocking incoming malicious traffic, while allowing legitimate traffic, leaving no chance for attackers to attack. When the device is isolated, information security specialists get additional time to identify and eliminate the threat.</p><p></p><p>Recall that in June 2022, Microsoft introduced the Defender for Endpoint feature, which isolates compromised Windows devices. After the computer is marked as isolated, MDE will block all connections and data exchange with the device on the network. If a cybercriminal changes the computer's IP address, all registered devices will block communication even with the new IP address.</p></blockquote><p></p>