The DFIR Report
@TheDFIRReport
Real Intrusions by Real Attackers, the Truth Behind the Intrusion.
Detections: https://t.co/MtC3iGd1km | Services: https://t.co/XW613EKt2w |
03-04-2020 01:33:43
960 Tweets
40,3K Followers
0 Following
The DFIR Report MISP (@[email protected]) Was any determination made as to how Windows Defender was 'turned off'?
Defender Control, possibly?
Harbulary Battery MISP (@[email protected]) We didn't see Defender Control during this intrusion and we didn't see any commands run or reg keys created around that time, which leads us to believe it was manually turned off but can't confirm. Here's the log