Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have ... continue reading

Hello everyone, my name is Daniel Metzger and I am a Senior Premier Field Engineer for Secure Infrastructure based in Switzerland. Lately I have done quite a few Public Key Infrastructure (PKI) migrations for customers mostly because their certification authorities ... continue reading

Hello everyone, my name is Daniel Metzger and I am a Senior Premier Field Engineer for Secure Infrastructure based in Switzerland. In this post, I am going to show you how to use a minimal set of Group Policy objects ... continue reading

Summary: Easily identify if Credential Guard is enabled using the Get-ComputerInfo Cmdlet in Windows 10 Question: Hey Doctor Scripto, how can I tell if CredentialGuard has been enabled on my Windows 10 computer? Answer: Just use the Get-ComputerInfo Cmdlet and ... continue reading

Recent developments in security research and real-world attacks demonstrate that as more protections are proactively built into the OS and in connected services, attackers are looking for other avenues of exploitation with firmware emerging as a top target. In the ... continue reading

Yesterday VMware demonstrated a pre-release version of VMware Workstation with early support for the Windows Hypervisor Platform in the What's New in VMware Fusion and VMware Workstation session at VMworld. In Windows 10 we have introduced many security features that ... continue reading

First published on TECHNET on Apr 24, 2017 [This blog post was originally published at: https://blogs.technet.microsoft.com/hybridcloud/2017/04/11/rest-easy-with-regulatory-compliance-in-windows-server-2016/] Last month we learned that Windows Server 2016 has achieved Common Criteria certification for the General Purpose OS protection profile. This international standard is ... continue reading

First published on TECHNET on Feb 21, 2017 Credential guard protects the credential derivatives like NTLM hash and Kerberos tickets; this TechNet article has a very detailed explanation as well as deployment guidelines. There was a recent change in this ... continue reading

First published on TECHNET on Feb 02, 2017 When talking to customers about the security features in Windows Server 2016, a common question keeps coming up, how do I secure my jump server? Recently, I worked with a Microsoft internal ... continue reading

Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 October 2018 Update (a.k.a., version 1809, “Redstone 5” or “RS5”), and for Windows Server 2019. Download the content from the Microsoft Security Compliance ... continue reading