Bitdefender

Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...
Bitdefender

Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows

Another small portion of our MSHTA insights comes from seemingly legitimate login scripts executed through MSHTA one-liners that create a WScript.Shell object and run a local file in its context. This ...
GitHub

Examples & Recipes

This documentation shows how to run almost any application as a native Windows service using the Servy CLI, with practical examples across languages, runtimes, and infrastructure tools. Servy can turn ...
GitHub

disable_windows_behavior_monitoring.yml

description: The following analytic identifies modifications in the registry to disable Windows Defender's real-time behavior monitoring. It leverages data from the Endpoint.Registry data model, ...