Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
When attackers successfully breach a target network, their typical next step is to perform reconnaissance of the network, elevate their privileges, and move laterally to reach specific machines or spread as widely as possible. For these activities, attackers often probe ... continue reading
Microsoft Defender ATP: Web Content Filtering
Introduction This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In this blog I will focus on the newly released feature of web content filtering in Microsoft Defender Advanced Threat Protection (ATP). Before July 6th, 2020 you either ... continue reading
Microsoft Endpoint Manager – Creating a WDAV Policy
IntroductionThis is John Barbare and I am a Sr Premier Field Engineer at Microsoft focusing on all things in the Cybersecurity space. In this tutorial I will walk you through the steps of creating a Windows Defender Antivirus (WDAV) policy ... continue reading
Microsoft Endpoint Manager: Create & Audit an ASR Policy
IntroductionThis is John Barbare and I am a Sr Premier Field Engineer at Microsoft focusing on all things in the Cybersecurity space. In this tutorial I will walk you through the steps of creating an Attack Surface Reduction (ASR) rule ... continue reading
Defending Exchange servers under attack
Securing Exchange servers is one of the most important things defenders can do to limit organizational exposure to attacks. Any threat or vulnerability impacting Exchange servers should be treated with the highest priority because these servers contain critical business data, ... continue reading
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations. Multiple ransomware groups that have been accumulating access ... continue reading
A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack Part 3 – Devices
For our second stop on the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing Device security. For anyone new joining us on this journey please ensure you check out Part I: Overview and ... continue reading
Latest Astaroth living-off-the-land attacks are even more invisible but not less observable
Following a short hiatus, Astaroth came back to life in early February sporting significant changes in its attack chain. Astaroth is an info-stealing malware that employs multiple fileless techniques and abuses various legitimate processes to attempt running undetected on compromised ... continue reading
Protecting against coronavirus themed phishing attacks
The world has changed in unprecedented ways in the last several weeks due to the coronavirus pandemic. While it has brought out the best in humanity in many ways, as with any crisis it can also attract the worst in ... continue reading
IIS Best Practices
It has been almost eight years since I first wrote a blog on IIS best practices. During this time, several new versions of IIS have arrived, some reached end of lifecycle; we were introduced a new development platform called .NET ... continue reading
Azure Hybrid Cloud
An agile hybrid cloud allows you to quickly scale to your company’s needs.
View Solution