Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do

True to form, human-operated ransomware campaigns are always on the prowl for any path of least resistance to gain initial access to target organizations. During this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found ... continue reading

Secured-core PCs: A brief showcase of chip-to-cloud security against kernel attacks

Gaining kernel privileges by taking advantage of legitimate but vulnerable kernel drivers has become an established tool of choice for advanced adversaries. Multiple malware attacks, including RobbinHood, Uroburos, Derusbi, GrayFish, and Sauron, and campaigns by the threat actor STRONTIUM, have ... continue reading

Human-operated ransomware attacks: A preventable disaster

Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ credential theft ... continue reading

Windows PowerShell CRL Copy v2 posted to the gallery

First published on TECHNET on May 08, 2013. Paul Fox has uploaded a revision of his former Windows PowerShell CRL Copy script. The new script is posted at the TechNet Gallery as Windows PowerShell Copy 2. The Windows PowerShell ... continue reading

Request File Can’t be Located during CA Certificate Renewal

First published on TECHNET on May 29, 2012. During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article, I discovered that the Request file generated couldn’t be located in the ... continue reading

AD CS Installation is Crashing on x64 Platform

First published on TECHNET on Aug 09, 2009. The following problem affects a Certification authority running on the 64-bit edition of Windows Server 2008 and Windows Server 2008 R2. The problem does not occur on x86 (32-bit) platform of both ... continue reading

Understanding Key Archival

First published on TECHNET on Aug 07, 2009. It came to my attention that there is little understanding regarding the relationship between archived private keys and Key Recovery Agent (KRA) certificates. With this blog post I would like to clarify ... continue reading

Request File Can’t be Located during CA Certificate Renewal

First published on TECHNET on May 29, 2012. During my work with a customer renewing their Issuing CA’s certificate based on the steps documented in this article, I discovered that the Request file generated couldn’t be located in the default ... continue reading

Just go with the flow…. WorkFlow that is with Windows PowerShell

Doctor Scripto returns again with our good friend Joel Vickery, PFE who is going to touch on the use of Workflows In PowerShell. Take it away Joel! Following up on my original post Parallel Processing with jobs in PowerShell, I ... continue reading

The RC4 Removal Files Part 1: What’s in an error message?

I've been doing system administration since roughly 1994 and in that time I've come to realize one thing: making changes to established environments always causes a ripple effect. The impact of changes usually doesn't surface right away, so associating the ... continue reading