AMSI and Machine Learning Help to Stop Active Directory Attacks and Other Post-exploitation Behavior
Behavior-based machine learning protections driven by the Antimalware Scan Interface (AMSI) are critical in detecting and stopping post-exploitation activities like BloodHound-based and Kerberoasting attacks, which employ evasive malicious scripts, including fileless components. AMSI exposes script content and behavior, allowing Microsoft Defender ATP to foil reconnaissance activities and prevent attacks from progressing.
To dive deeper into this subject, read more from the Microsoft Defender ATP Research Team here.