Build an infrastructure monitoring solution with Service Map

Have you ever been responsible for a flaky application, and wanted to set up an automatic notification when a server, process, or connection isn't there when it should be? Me too! And by using OMS Azure Log Analytics and Service ... continue reading

Core Network Stack Features in the Creators Update for Windows 10

By: Praveen Balasubramanian and Daniel Havey This blog is the sequel to our first Windows Core Networking features announcements post. It describes the second wave of core networking features in the Windows Redstone series. The first wave of features is ... continue reading
Figure 1: Windows Defender ATP detection of Kovter performing process hollowing on regsvr32.exe using mshta.exe

Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing

Advanced cyberattacks emphasize stealth and persistence: the longer they stay under the radar, the more they can move laterally, exfiltrate data, and cause damage. To avoid detection, attackers are increasingly turning to cross-process injection. Cross-process injection gives attackers the ability ... continue reading
Figure 1. Infection cycle overview

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. Using ETERNALBLUE, WannaCrypt propagated as ... continue reading
New ransomware, old techniques: Petya adds worm capabilities

(Note: We have published a follow-up blog entry on this ransomware attack. We have new findings from our continued investigation, as well as platform mitigation and protection information: Windows 10 platform resilience against the Petya ransomware attack.) On June 27, ... continue reading
What’s new in Windows Defender ATP Fall Creators Update

When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in ... continue reading
Extending OMS with SCCM Information

Brad Watts here to talk with you today about extending OMS with SCCM information. Microsoft Operations Management Suite (OMS) is a very powerful cloud-based tool. There are a bunch of out-of-the-box solutions like Alert Management, Active Directory ... continue reading
Dropping the “Untrusted Font Blocking” setting

With the Windows 10 v1703 security configuration baseline, Microsoft is removing the recommendation to enable the “Untrusted Font Blocking” Group Policy setting in Computer Configuration | Administrative Templates | System | Mitigation Options. Windows 10 includes additional mitigations that make ... continue reading

Getting VM Memory Usage and Demand Programmatically

A couple of people have recently asked me how to get virtual machine memory usage and memory demand programmatically. What I am referring to is the information that we display here in Hyper-V Manager: I have blogged about this in ... continue reading
Identity and Rights Management in CSP model – Part 2

The CSP program is currently rolling out at scale and many service providers are embarking on the journey to provide management infrastructure services for their customers. In addition to the first article about Identity in CSP, we will show more ... continue reading