Select Page
Data center

Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’

Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run ... continue reading

Building VM template using Assigned Access

Since it took me a couple of attempts to create VM templates for Azure portal management and Remote Desktop (in order to make them available for the TAP evaluation), I thought it best to share the process, so you can ... continue reading
Why use shielded VMs for your privileged access workstation (PAW) solution?

Why use shielded VMs for your privileged access workstation (PAW) solution?

It’s great to see customers trying out PAWs and it’s generating a lot of great questions. Many questions are related to shielded VMs so I’d like to focus this blog post on sharing our reasoning for building the PAW solution ... continue reading
New tech support scam launches communication or phone call app

New tech support scam launches communication or phone call app

A new tech support scam technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. We recently found a new tech support scam website that opens your default communication or ... continue reading
Branch office HGS configuration diagram

Improved branch office support for shielded VMs in Windows Server, version 1709

Companies with large branch offices often must make a tradeoff between user experience and security. To increase employee productivity, it may make sense to deploy replicas of certain applications like Active Directory Domain Controllers or file servers in a branch ... continue reading
Detecting reflective DLL loading with Windows Defender ATP

Detecting reflective DLL loading with Windows Defender ATP

Today's attacks put emphasis on leaving little, if any, forensic evidence to maintain stealth and achieve persistence. Attackers use methods that allow exploits to stay resident within an exploited process or migrate to a long-lived process without ever creating or ... continue reading
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks

Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks

The threat to information is greater than ever, with data breaches, phishing attacks, and other forms of information theft like point-of-sale malware and ATM hacks becoming all too common in today's threat landscape. Information-stealing trojans are in the same category ... continue reading

How to create a VM template for PAW

Continuing with the PAW series, after you followed the previous blog to build the PAW device, you can now deploy PAW VMs on it. There are two types of VMs you can create: Desktop VM: this is a standard VM, ... continue reading
New Storage Management, Optimization, and Security Features in DPM 2016 UR4

New Storage Management, Optimization, and Security Features in DPM 2016 UR4

System Center 2016 Data Protection Manager can backup key workloads such as SQL, SharePoint, Exchange, file servers, clients and VMs running on Hyper-V or VMware. With Modern Backup Storage and RCT based Hyper-V VM backups, DPM 2016 goes a step ... continue reading

SC 2016 DPM UR4: Migrate Backup Storage in 3 simple steps

SC 2016 Data Protection Manager (SC DPM) is an enterprise backup solution, which gives you the ability to backup workloads as SQL, SharePoint, Exchange, System State, Files and Folders, Hyper-V & VMWare VMs, and Clients. These backups can be stored ... continue reading