Local Computer Policy - User Rights Assignment Dialog

How To Automate The Hybrid World Part Two Of Two

Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!" I’m a Microsoft Senior Cloud Solution Architect – Engineering (or short Sr. CSA-E) and in this article I want to talk about how to automate the hybrid world. Over ... continue reading

SMB insecure guest auth now off by default in Windows Insider Pro editions

Heya folks, Ned here again. Starting in Windows 11 Insider Preview Build 25276, the Pro editions of Windows now disable SMB insecure guest authentication fallbacks by default. Guest logons don't require passwords & don't support standard security features like signing and encryption. Allowing ... continue reading
A diagram showing how a malicious IIS module sits between a web server and the client. The malicious IIS module is shown intercepting requests between the web server and client on the BeginRequest, EndRequest, and Error event triggers.

IIS modules: The evolution of web shells and how to detect them 

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector ... continue reading
Timeline of events for a recent ransomware incident.

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase ... continue reading

How to troubleshoot applications on Windows Containers with the Log Monitor tool

In my previous blog post, I showed how to manually troubleshoot Windows Containers by opening an interactive session to a container, running a PowerShell session, and using the Get-WinEvent cmdlet to view the application logs on the container instance. While ... continue reading

How to manually troubleshoot applications on Windows containers

Developers are more and more creating applications on containers, and guess what? It’s still up to us – ITPros – to troubleshoot anything that happens in production. Containers are not VMs, so where to even start, you might ask. We’ll ... continue reading

Azure Monitor: Audit your Azure and non-Azure SQL Server

Hi everyone, time passed since my last post. Hope you missed me. Today I am going to cover an interesting aspect on how to capture security audit events from both Azure and non-Azure SQL Server machines. Most of you probably ... continue reading

Forward On-Premises Windows Security Event Logs to Microsoft Sentinel

Hello, It has been a while since Raven, and I have blogged on security. My little buddy Raven (miniature Schnauzer) has been dealing with genetic back problems that have made it difficult to run or jump, so her days of ... continue reading

SQL Server 2019 PolyBase feature High Availability

One of the most exciting aspects of SQL Server 2019 are the enhanced capabilities around the PolyBase feature that enables access to non-SQL Server external data sources through a process referred to as virtualization. The data remains at the external ... continue reading
Microsoft Sysinternals report in VirusTotal.

New Microsoft Sysmon report in VirusTotal improves security

Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you ... continue reading