You've probably heard of Microsoft's new Recall feature by now. It's a info stealer's dream come true. There has been a lot of information release about how this new feature is a security nightmare and how it works. But today we are going to dig in and discover how to actually detect abuse of this new feature.

✅ *Subscribe to SnapAttack for more in-depth analyses and real-world applications of cybersecurity defenses.*

📢 *Have questions or topics you’d like us to cover? Drop a comment below!*

👋 *Follow us:*
https://www.linkedin.com/company/snapattack/
https://twitter.com/snapattackhq
https://www.linkedin.com/in/ajkingio/
https://twitter.com/ajkingio

SnapAttack Resources:

• https://app.snapattack.com/collection/cdcb4362-a6fb-4faa-b3e8-12cdbcd06f48 - Collection: Microsoft Recall: Detecting Abuse | Threat SnapShot
• https://app.snapattack.com/threat/8d63cca8-4926-0589-5e84-061426296855 - Threat: Extracting Microsoft Recall Data Using TotalRecall
• https://app.snapattack.com/detection/e304967f-c590-4d36-adec-4bd06753a9a5 - Detection: File or Folder Permissions Modifications
• https://app.snapattack.com/detection/d1d7048e-d095-4fb5-b43b-e570d574a1aa - Detection: Process Accessing Windows Recall Directory

References:

• https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e
• https://github.com/xaitax/TotalRecall