Introducing the security configuration framework: A prioritized guide to hardening Windows 10

In the past, we left defining the security configuration for Windows 10 as a task for every customer to sort out. As a result, we saw as many different configurations as we saw customers. Standardization has many advantages, so we ...
PowerShell Basics: Connecting to VMs with Azure PSRemoting

If you use PowerShell on-premises, chances are good you use PSRemoting (or PowerShell Remoting). It allows you to manage systems using remoting tools like Enter-PSSession and Invoke-Command. When you move to Azure, you have similar tooling available when you enable ...
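As an added illustration of the on-premises versus Azure tooling the post contrasts (editor-supplied example, not code from the original post), the PowerShell below runs the same remote task both ways. It assumes the Az.Compute module is installed and Connect-AzAccount has already been run; the host name srv01.corp.example, the VM name vm01 and the resource group rg-demo are placeholders, and the Enable-/Disable-AzVMPSRemoting, Invoke-AzVMCommand and Enter-AzVM parameter sets are taken from the Az.Compute module as the editor knows them.

```powershell
# Added example: classic PSRemoting next to its Azure equivalent.
# Assumed: Az.Compute module, an authenticated Az session, a Windows VM 'vm01'
# in resource group 'rg-demo', and an on-premises host 'srv01.corp.example'.
$cred = Get-Credential -Message 'Local administrator on the target'

# --- On-premises: PSRemoting over WinRM to a reachable host ---
Invoke-Command -ComputerName 'srv01.corp.example' -Credential $cred -ScriptBlock {
    Get-Service -Name WinRM | Select-Object Name, Status
}

# --- Azure: configure the guest's WinRM HTTPS listener and the NSG rule ---
# Use https, never http, so the session is encrypted on the public network.
Enable-AzVMPSRemoting -Name 'vm01' -ResourceGroupName 'rg-demo' `
    -Protocol https -OsType Windows

# Invoke-Command equivalent: run a script block on the VM.
Invoke-AzVMCommand -Name 'vm01' -ResourceGroupName 'rg-demo' -Credential $cred -ScriptBlock {
    Get-Service -Name WinRM | Select-Object Name, Status
}

# Enter-PSSession equivalent: interactive session on the VM.
Enter-AzVM -Name 'vm01' -ResourceGroupName 'rg-demo' -Credential $cred

# Manual alternative with the core cmdlets: connect to the public IP on 5986.
$ip = (Get-AzPublicIpAddress -ResourceGroupName 'rg-demo' |
       Where-Object { $_.IpConfiguration.Id -like '*vm01*' }).IpAddress
Invoke-Command -ComputerName $ip -Port 5986 -UseSSL -Credential $cred -ScriptBlock {
    hostname
}

# Clean up when the work is done: remove the listener and the inbound rule.
Disable-AzVMPSRemoting -Name 'vm01' -ResourceGroupName 'rg-demo' `
    -Protocol https -OsType Windows
```

Check the inbound NSG rule that Enable-AzVMPSRemoting creates before leaving it in place: WinRM on TCP 5986 reachable from any source turns the VM into a credential-guessing target, so restrict the rule's source to your administrative address range, and remove it again with Disable-AzVMPSRemoting when remoting is no longer needed.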
Analysis of a targeted attack exploiting the WinRar CVE-2018-20250 vulnerability

In early March, we discovered a cyberattack that used an exploit for CVE-2018-20250, an old WinRar vulnerability disclosed just several weeks prior, and targeted organizations in the satellite and communications industry. A complex attack chain incorporating multiple code execution techniques ...
Step 8. Protect your documents and email: top 10 actions to secure your environment

The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 8. Protect your documents and email,” you’ll learn how to deploy Azure Information Protection and ...
Steer clear of tax scams

In the month of February, we saw an average of 300,000 phishing attempts across Microsoft’s browsing platforms daily. Our security experts expect these attempted scams to become increasingly prevalent through the April 15 Tax Day, especially in the two ...
Infographic showing a Shadow IT discovery lifecycle. Phase one: discover and identify. Phase two: evaluate and analyze. Phase three: manage and continuous monitoring.

Step 7. Discover shadow IT and take control of your cloud apps: Top 10 actions to secure your environment

This series outlines the most fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 7. Discover shadow IT and take control of cloud apps,” you’ll learn how to set up Microsoft Cloud App Security ...
From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw

With Microsoft continuously improving kernel mitigations and raising the bar for exploiting native kernel components, third-party kernel drivers are becoming a more appealing target for attackers and an important area of research for security analysts. A vulnerability in a signed ...
PAW deployment guide

First published on TECHNET on Apr 30, 2018. After running the PAW TAP program on the solution explained in this blog post, I received tons of interest and great feedback. While the team is investigating a plan, a lot ...

Default Code Integrity policy for Windows Server

First published on TECHNET on Mar 10, 2018. After Windows Defender Application Control (WDAC, formerly known as Code Integrity) was released in Windows Server 2016, I wrote a blog post on it; it was a very effective way to do ...
PAW host buildout

First published on TECHNET on Oct 17, 2017. Continuing with the PAW series, in this blog post I'd like to share the details of how we are planning to configure the host. I'd love to hear your thoughts and feedback about ...