Closed (knightwolfjk closed 2 years ago)
@knightwolfjk, thank you so much for the submission! This is really interesting.
Beyond the Microsoft documentation, can you explain a little more about how this looks on the system, and why it appears malicious?
@knightwolfjk,
I'm closing this for now because I need additional details as to how it would appear to be malicious during threat hunting or incident response.
Contributor Name: @RoboDoughnut
Application/Executable: Windows 10 (and other Windows flavors)
WTF Behavior Description: (h/t to @purp1ew0lf, his NDCC submission was inspiring)
Link to Documentation of Behavior: USB NCM on Factory OS