Graph showing trend of COVID-19 themed attacks and mapping key events during the outbreak

Exploiting a crisis: How cybercriminals behaved during the outbreak

In the past several months, seemingly conflicting data has been published about cybercriminals taking advantage of the COVID-19 outbreak to attack consumers and enterprises alike. Big numbers can show shifts in attacker behavior and grab headlines. Cybercriminals did indeed adapt ... continue reading
Blue teams helping red teams: A tale of a process crash, PowerShell, and the MITRE ATT&CK evaluation

In September 2019, MITRE evaluated Microsoft Threat Protection (MTP) and other endpoint security solutions. The ATT&CK evaluation lasted for three days, with a professional red team from MITRE emulating many advanced attack behaviors used by the nation-state threat group known ... continue reading
Beyond the Edge: How to Secure SMB Traffic in Windows

Hiya folks, Ned here again. Organizations are good at firewalling the network edge to stop inbound intruders. We need to move on to preventing outbound and lateral network communications. With the rise of mobile computing and ease of phishing users, ... continue reading

VMware Workstation and Hyper-V

As a follow up to our previous post on VMware and Hyper-V Working Together, VMware has released a version of VMware Workstation that works with the Windows Hypervisor Platform (WHP). This release adds support for VMware Workstation running side by ... continue reading
Mobile Device Management (MDM)

Zero Trust Deployment Guide for devices

The modern enterprise has an incredible diversity of endpoints accessing their data. This creates a massive attack surface, and as a result, endpoints can easily become the weakest link in your Zero Trust security strategy. Whether a device is a ... continue reading
Mastering Configuration Manager Patch Compliance Reporting

Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!" I am a Microsoft Premier Field Engineer (PFE) and a while back (years in fact) I was asked to analyze the update compliance status of a SCCM/ConfigMgr/MECM ... continue reading
Azure Sentinel logs.

Open-sourcing new COVID-19 threat intelligence

A global threat requires a global response. While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cybercriminals using COVID-19 as a lure to mount attacks. As a security ... continue reading
Diagram showing how the Thunderspy attack works

Secured-core PCs help customers stay ahead of advanced data theft

Researchers at the Eindhoven University of Technology recently revealed information around “Thunderspy,” an attack that relies on leveraging direct memory access (DMA) functionality to compromise devices. An attacker with physical access to a system can use Thunderspy to read and ... continue reading

A Journey to Holistic Cloud Protection with the Microsoft 365 Security Stack Pt 6 – M365 Integration

For our final stop in the journey to holistic cloud protection with the Microsoft 365 security stack we will be discussing M365 Integration. For anyone new joining us on this journey please ensure you check out Part I: Overview, Part ... continue reading
How to gain 24/7 detection and response coverage with Microsoft Defender ATP

This blog post is part of the Microsoft Intelligence Security Association guest blog series. To learn more about MISA, go here. Whether you’re a security team of one or a dozen, detecting and stopping threats around the clock is a ... continue reading