Infection chain describing the usual tactics and techniques used by the DEV-0270 actor group.

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including ... continue reading
Az Stack HCI: Software Defined Networking (SDN) extensions reach General Availability for WAC

Software Defined Networking brings Azure-inspired networking to your datacenter and to the edge. Learn more below: Plan for and deploy SDN infrastructure on Azure Stack HCI - Learn | Microsoft Docs  Implement Datacenter Firewall and Software Load Balancer on Azure ... continue reading
Tufin SecureTrack provides automatic policy change tracking, with side-by-side comparison for easy identification of misconfiguration and risky changes.

Enhance Azure Firewall policy management with Tufin SecureTrack integration

Organizations today face growing network challenges, with hundreds of network assets deployed across hybrid and multi-cloud environments. Daily tasks such as enabling access or troubleshooting network connectivity issues have become increasingly complex and are spread across different teams ... continue reading
Screenshot of a section of a configuration file.

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. NOBELIUM remains highly active, executing multiple campaigns in parallel targeting government ... continue reading
Screenshot of a Sliver implant configuration data extracted from the process memory of a Sliver backdoor.

Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We’ve seen these actors use Sliver ... continue reading
Diagram showing traffic flow from a virtual machine in a NAT gateway configured subnet to a NAT gateway public IP before connecting to a destination endpoint over the internet.

Dive deep into NAT gateway’s SNAT port behavior

In our last blog, we examined a scenario on how network address translation (NAT) gateway mitigates connection failures happening at the same destination endpoint with its randomized source network address translation (SNAT) port selection and reuse timers. In addition to ... continue reading
Female office worker smiling and looking away, with a cheerful and relaxed expression.

How IT and security teams can work together to improve endpoint security

For executives in the IT and security spaces, the current climate offers reasons to worry. As workers become accustomed to new flexibility in the workplace, hybrid and remote work options present more challenges. Users want to access corporate resources from ... continue reading
CIS Tech Community-Check This Out! (CTO!) Guide (July 2022)

Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide. These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying ... continue reading
Azure Stack HCI on Microsoft Learn

Azure Stack HCI is a hyper-converged infrastructure operating system delivered as an Azure service. Rather than attempt to put all the elements of a Windows Server hyper-converged solution together yourself and then trying to integrate it with Azure hybrid elements, ... continue reading
Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little ... continue reading
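A native IIS extension has to be registered in IIS's configuration store before the worker process will load it, so an audit of the `<globalModules>` section of applicationHost.config is a cheap first check for the kind of backdoor described above. The following is an added example, not code from the original post or from Microsoft: it parses a constructed applicationHost.config fragment, flags any native module whose DLL lives outside the stock `inetsrv` directory, and records whether that module is actually enabled in the `<modules>` list. The sample XML, the `TRUSTED_DIRS` allowlist and the function names are assumptions made for the example.

```python
"""Audit IIS <globalModules> entries for native extensions loaded from unexpected paths.

Added example, not part of the original post. The config text below is a
constructed fragment that mimics the relevant sections of
%windir%\\System32\\inetsrv\\config\\applicationHost.config.
"""
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample: two stock modules plus one DLL dropped into a writable
# temp directory and registered as a global module.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpLoggingModule" image="%windir%\\System32\\inetsrv\\loghttp.dll" />
      <add name="StaticFileModule" image="%windir%\\System32\\inetsrv\\static.dll" />
      <add name="UpdateModule" image="C:\\Windows\\Temp\\update.dll" />
    </globalModules>
    <modules>
      <add name="HttpLoggingModule" />
      <add name="StaticFileModule" />
      <add name="UpdateModule" />
    </modules>
  </system.webServer>
</configuration>
"""

# Assumed allowlist: directories where stock IIS native modules are expected.
# Compared case-insensitively, with the %windir% / %SystemRoot% forms both accepted.
TRUSTED_DIRS = {
    "%windir%\\system32\\inetsrv",
    "%systemroot%\\system32\\inetsrv",
    "c:\\windows\\system32\\inetsrv",
}


def audit_global_modules(config_xml: str) -> list[dict]:
    """Return one record per <globalModules><add> entry.

    Each record carries the module name, its image path, whether the module is
    enabled in <modules>, and whether its DLL sits outside TRUSTED_DIRS.
    """
    root = ET.fromstring(config_xml)

    # Names listed under <modules> are the ones the worker process will load.
    enabled = {
        add.get("name")
        for mods in root.iter("modules")
        for add in mods.findall("add")
    }

    findings = []
    for gm in root.iter("globalModules"):
        for add in gm.findall("add"):
            name = add.get("name", "")
            image = add.get("image", "")
            parent_dir = str(PureWindowsPath(image).parent).lower()
            findings.append(
                {
                    "name": name,
                    "image": image,
                    "enabled": name in enabled,
                    "suspicious": parent_dir not in TRUSTED_DIRS,
                }
            )
    return findings


def suspicious_modules(config_xml: str) -> list[str]:
    """Names of native modules whose DLL is loaded from a non-standard directory."""
    return [f["name"] for f in audit_global_modules(config_xml) if f["suspicious"]]


if __name__ == "__main__":
    for finding in audit_global_modules(SAMPLE_CONFIG):
        flag = "SUSPICIOUS" if finding["suspicious"] else "ok"
        state = "enabled" if finding["enabled"] else "registered only"
        print(f"{flag:10} {finding['name']:20} {state:16} {finding['image']}")
```

A path inside `inetsrv` is necessary but not sufficient: an attacker with administrative access can drop a DLL into that directory too, so a hit-free run should be followed by checking the Authenticode signature and hash of every listed image. Managed modules and handlers, which are registered by `type` rather than `image` in the same file and in site-level web.config files, need a separate review.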