Select Page

A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack Part 3 – Devices

For our second stop on the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing Device security. For anyone new joining us on this journey please ensure you check out Part I: Overview and ... continue reading
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

Latest Astaroth living-off-the-land attacks are even more invisible but not less observable

Following a short hiatus, Astaroth came back to life in early February sporting significant changes in its attack chain. Astaroth is an info-stealing malware that employs multiple fileless techniques and abuses various legitimate processes to attempt running undetected on compromised ... continue reading
Screenshot of a phishing email about a coronavirus update.

Protecting against coronavirus themed phishing attacks

The world has changed in unprecedented ways in the last several weeks due to the coronavirus pandemic. While it has brought out the best in humanity in many ways, as with any crisis it can also attract the worst in ... continue reading

IIS Best Practices

It has been almost eight years since I first wrote a blog on IIS best practices. During this time, several new versions of IIS have arrived, some reached end of lifecycle; we were introduced a new development platform called .NET ... continue reading
Wadhrama PARINACOTA attack chain

Human-operated ransomware attacks: A preventable disaster

Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft ... continue reading

A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack – Part 1 – Overview

Welcome everyone! My name is James Key and I’ll be your guide as we take a journey through the possibilities of holistic cloud protection with the Microsoft 365 security stack. I am a Premier Field Engineer at Microsoft who specializes ... continue reading
clipboard_image_4.png

Hyper-V Powering Windows Features

December 2019 Hyper-V is Microsoft’s hardware virtualization technology that initially released with Windows Server 2008 to support server virtualization and has since become a core component of many Microsoft products and features. These features range from enhancing security to empowering ... continue reading
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of ... continue reading
Image showing "Signers" using in the credential dumping tool signed using a stolen Whizzimo, LLC certificate.

GALLIUM: Targeting global telecom

Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need ... continue reading
Timeline of evolution of Dexphot malware

Insights from one year of tracking a polymorphic threat

A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every ... continue reading