Select Page
Screenshot of BlackCat ransomware deployment options and subcommands with corresponding descriptions.

The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy. It’s noteworthy due to its unconventional programming language (Rust), multiple target devices and possible entry points, and affiliation ... continue reading
Intrusion Detection and Prevention System signatures table

Learn what’s new in Azure Firewall

This post was co-authored by Suren Jamiyanaa, Program Manager 2, Azure Networking. We continue to be amazed by the adoption, interest, positive feedback, and the breadth of use cases customers are finding for our service. Today, we are happy to ... continue reading
BrandonWilson_0-1654703414788.png

A Light Overview of Microsoft Security Products

Hi, Alan here today to lightly cover something I have been asked by customers in regard to Microsoft’s security products....and that is “what defender products does Microsoft have and what are they used for?”. Well, it’s a good question, so ... continue reading
A screenshot of a table of chat messages translated from Russian to English. The table includes details when the message was sent, who it was from, to whom it was sent, the original text in Russian, and the translated English version.

Using Python to unearth a goldmine of threat intelligence from leaked chat logs

Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is ... continue reading
The diagram illustrates how the attacker pushes a reflection attack to a target virtual machine that is hosted in Azure.

Anatomy of a DDoS amplification attack

Amplification attacks are one of the most common distributed denial of service (DDoS) attack vectors. These attacks are typically categorized as flooding or volumetric attacks, where the attacker succeeds in generating more traffic than the target can process, resulting in ... continue reading
Figure 1 displays a diagram depicting a typical attack flow for XorDdos malware. The attacker communicates with a bot to SSH brute force a target device and download XorDdos. The malware then performs several techniques for evasion and persistence before connecting with the attacker's C2 server to send data and receive commands.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as ... continue reading
WillAftring_0-1651759798268.png

Introduction to Network Trace Analysis Part 0: Laying the Groundwork

Hi everyone, this is Will Aftring again with the Windows Debug team, here to lay the groundwork for a new series on how to get started with network trace analysis. This is not an introduction to networking. Many of the networking ... continue reading
Aligning on mDNS: ramping down NetBIOS name resolution and LLMNR

Aligning on mDNS: ramping down NetBIOS name resolution and LLMNR

The modern standard for multicast name discovery is mDNS. However, Windows supports other multicast name resolutions protocols for historical reasons, including NetBIOS name resolution and LLMNR. More details about the documentation for each of these protocols can be found here ... continue reading
mDNS in the Enterprise

mDNS in the Enterprise

James Kehr here with the Windows networking support team. This article covers details about mDNS and recommended best practices when trying to control the protocol designed to make life easier. Starting with Windows 10 1703 Microsoft has included native support ... continue reading
AlanLaPietra_0-1648554341870.png

Microsoft Defender Ecosystem

DEFENDER FOR CLOUD Microsoft Defender for Cloud - an introduction | Microsoft Docs Defender for Cloud is a tool for security posture management and threat protection. It strengthens the security posture of your cloud resources, and with its integrated Microsoft ... continue reading