
Check This Out! (CTO!) Guide (August 2022)

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide. These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we ... continue reading

PowerShellGet 3.0 Preview 17

We are excited to announce that an update to our preview of PowerShellGet 3.0 is now available on the PowerShell Gallery! This release includes a number of bug fixes as well as support for specifying the temporary path used during ... continue reading
An organizational chart of the different threat actors that worked together in attacking the Albanian government. The top level mentions Iran's Ministry of Intelligence and Security as the sponsor organization. A table on the left side lists down the threat actor group names and their corresponding aliases.

Microsoft investigates Iranian attacks against the Albanian government

Shortly after the destructive cyberattacks against the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged by the Albanian government to lead an investigation into the attacks. At the time of the attacks and our engagement ... continue reading

Upgrading AKS Using REST API

Introduction: This blog covers the usage of Microsoft.ContainerService REST APIs to demonstrate upgrade options on an AKS cluster. It also goes through the authentication setup to call these APIs using POSTMAN and we also look at options using CURL ... continue reading
Code depicting adding a JavaScript interface to a WebView object

Vulnerability in TikTok Android app could lead to one-click account hijacking

Microsoft discovered a high-severity vulnerability in the TikTok Android application, which could have allowed attackers to compromise users’ accounts with a single click. The vulnerability, which would have required several issues to be chained together to exploit, has been fixed ... continue reading
Screenshot of the Associated billing tenants command for an MCA billing account in the Azure portal.

Microsoft Cost Management updates – August 2022

Whether you're a new student, a thriving startup, or the largest enterprise, you have financial constraints, and you need to know what you're spending, where, and how to plan for the future. Nobody wants a surprise when it comes to ... continue reading

Domain Join a Storage Account Leveraging Azure Automation

Are you looking to take the next step in your cloud journey and pivot away from managing file servers? Why not look at Azure Files! In short; Azure Files offers fully managed file shares in the cloud that are accessible ... continue reading
Dynamic automated access with Azure AD entitlement management

We continue to enhance Azure Active Directory (Azure AD) Identity Governance to help you meet security needs and preserve employee productivity at scale. Recent enhancements include the introduction of multi-stage access reviews and custom workflows in entitlement management using Azure Logic ... continue reading
Screenshot of a section of a configuration file.

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. NOBELIUM remains highly active, executing multiple campaigns in parallel targeting government ... continue reading
Screenshot of a Sliver implant configuration data extracted from the process memory of a Sliver backdoor.

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We’ve seen these actors use Sliver ... continue reading