The team recently got a false-negative report on the SmartScreen phishing filter complaining that we fail to block firstline-trucking.com. I passed it along to our graders but then took a closer look myself. I figured that maybe the legit site was probably at a very similar domain name, e.g. firstlinetrucking.com or something, but no such… Continue reading "Attack Techniques: Fake Literally Everything! (Escrow Scam)"
Recently, there’s been a surge in the popularity of trojan clipboard attacks whereby the attacker convinces the user to carry their attack payload across a security boundary and compromise the device. Meanwhile, AI hype is all the rage. I recently had a bad experience in what I thought was a simple AI task (draw a… Continue reading "Vibe-coding for security"
Over the last several decades, the Windows team has added a stream of additional security mitigation features to the platform to help application developers harden their applications against exploi…
Last November, I wrote a post about the basics of security software. In that post, I laid out how security software is composed of sensors and throttles controlled by threat intelligence. In today…