Deploy Bicep files by using GitHub Actions

Recently, I did a live streaming session for the New York City Microsoft Reactor in which I took concepts from the Quickstart: Deploy Bicep files by using GitHub Actions doc and put them into action. In this session I create ... continue reading

New Secured-core servers are now available from the Microsoft ecosystem to help secure your infrastructure

In the current pandemic-driven remote work environments, security has become increasingly important. Earlier this year, Colonial Pipeline, one of the leading suppliers of fuel on the East Coast of the United States, was hit by a ransomware attack.1 This caused ... continue reading

Using Azure Bicep to Deploy SQL MI into an Existing Virtual Network

Recently, I was working with a customer who wanted to deploy SQL Managed Instance (MI) into an existing virtual network with Infrastructure as Code (IaC). Having some experience with Azure Resource Manager (ARM) templates, I decided to fulfill their request ... continue reading

Iranian targeting of IT sector on the rise

Iranian threat actors are increasing attacks against IT services companies as a way to access their customers’ networks. This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and ... continue reading

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Over the past year, the Microsoft Threat Intelligence Center (MSTIC) has observed a gradual evolution of the tools, techniques, and procedures employed by malicious network operators based in Iran. At CyberWarCon 2021, MSTIC analysts presented their analysis of these trends ... continue reading

Step-by-Step Guide: Active Directory Migration from Windows Server 2008 R2 to Windows Server 2022

The Windows Server 2008 and Windows Server 2008 R2 operating systems reached the end of their support cycle on the 14th of January 2020. Because of this, many organizations wanted to migrate away from these legacy operating systems. End-of-life operating systems ... continue reading

AI-driven adaptive protection against human-operated ransomware

In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we developed a ... continue reading

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to DEV-0322, a group operating ... continue reading

The mystery of the slow file copy from the fast computer

Heya folks, Ned here again. A customer contacted us about a strange behavior they were seeing when copying large files to a Windows Server 2019 cluster using SMB 3.1.1. Around every 5GB transferred, the copy would temporarily pause for a few seconds, then ... continue reading

System Center 2022

Datacenters are complex with multiple components across compute, storage and networking – components that are used to store and manage the most critical resources, vital for continuous operations of an organization. These IT environments quickly grew out of control, along ... continue reading