Select Page
Guidance for technical architecture relating to Microsoft Zero Trust Principles.

Implementing a Zero Trust strategy after compromise recovery

What changes after compromise recovery? After the final compromise recovery, steps have been completed and we are back in control. There has been a round of applause and many sighs of relief.  Now what? Is everything going back to as ... continue reading
BrandonWilson_1-1662757157500.png

Check This Out! (CTO!) Guide (August 2022)

  Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.   These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we ... continue reading

The art and science behind Microsoft threat hunting: Part 1

At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly (or not so covertly) penetrated an environment. This involves looking beyond the known alerts or malicious threats to discover new potential threats and ... continue reading
Infection chain describing the usual tactics and techniques used by DEV-0270 actor group.

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including ... continue reading
DarrenTurchiarelli_5-1661811658809.png

Domain Join a Storage Account Leveraging Azure Automation

Are you looking to take the next step in your cloud journey and pivot away from managing file servers? Why not look at Azure Files! In short; Azure Files offers fully managed file shares in the cloud that are accessible ... continue reading
Screenshot of a section of a configuration file.

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. NOBELIUM remains highly active, executing multiple campaigns in parallel targeting government ... continue reading
BrandonWilson_20-1659625297384.png

CIS Tech Community-Check This Out! (CTO!) Guide (July 2022)

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide. These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying ... continue reading
Upgrading your container app from Windows Server 2019 to 2022 on Azure Kubernetes Service

Upgrading your container app from Windows Server 2019 to 2022 on Azure Kubernetes Service

Note: As of the writing of this blog, Windows Server 2022 is on Public Preview on Azure Kubernetes Service (AKS). If you’ve been playing with containers, the thought of upgrading to a new OS version might seem way too simple: ... continue reading
JoelVickery_0-1657509496356.png

The RC4 Removal Files Part 3 – The “Everything Else” Of It

I’m not a fan of folks that glaze over problems, not that I’m a pessimist mind you, I do my fair share of finding the bright side of bad situations. When this RC4 project started, I heard lots of optimistic ... continue reading
Enterprise Scale for Azure VMware Solution - Identity and Access

Enterprise Scale for Azure VMware Solution – Identity and Access

I had the pleasure of talking with Xavier Elizondo where he went over identity and access in Azure VMware Solution. Watch below! Important things to note for Azure VMware Solution AVS has the control plane in Azure that is managed ... continue reading