AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well it Does it.

by Nikhil Mittal Sept. 14, 2017 via www.blackhat.com submitted by belen_caty

In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI) which is designed to target script-based attacks and malware. AMSI targets malicious scripts written in PowerShell, VBScript, JScript etc. and drastically improves detection and blocking rate of malicious scripts. When a piece of code is submitted for execution to the scripting host, AMSI steps in and the code is scanned for malicious content. What makes AMSI effective is, no matter how obfuscated the code is, it needs to be presented to the script host in clear text and unobfuscated. Moreover, since the code is submitted to AMSI just before execution, it doesn't matter if the code came from disk, memory or was entered interactively. AMSI is an open interface and MS says any application will be able to call its APIs. Currently, Windows Defender uses it on Windows 10. Has Microsoft finally killed script-based attacks? What are the ways out? The talk will be full of live demonstrations.

https://www.blackhat.com/us-16/briefings.html#amsi-how-windows-10-plans-to-stop-script-based-atta...

Avatar
Steven Ulm 1 month ago

I doubt that Windows 10 will really prove to be efficient in stopping the Script-Based Attacks!

Reply