Diagram of the attacks using Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this ...
SMB compression behavior & settings changes

Heya folks, Ned here again. As you know from a previous post, we released an end-to-end SMB compression capability with Windows 11 and Windows Server 2022. You can learn all about it at SMB Compression | Microsoft Docs. There was ...
Modernizing Endpoint Management – Encryption – Part 2

Introduction: In part 1, we saw how to use the MEM portal to view and recover BitLocker recovery keys for ConfigMgr clients that are tenant attached. In part 2 of this blog, we will see how to migrate BitLocker keys to ...
A screenshot of the digital signature details tab from the file properties page. The tab states that the digital signature for the file is OK. The name indicated under the signer information portion is DSIRF GmbH.

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found a private-sector offensive actor (PSOA) using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European ...
Screenshot of BlackCat ransomware deployment options and subcommands with corresponding descriptions.

The many lives of BlackCat ransomware

The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy. It’s noteworthy due to its unconventional programming language (Rust), multiple target devices and possible entry points, and affiliation ...
To AAD Join or Not … That is the Question

As we all know, the cloud paradigm shifts in IT continue. When I worked in corporate IT - heck, when I started blogging out here - on-prem was really all there was. Active Directory, GPOs and WINS were all the ...
Diagram showing the relationship between players in the ransomware-as-a-service affiliate model. Access brokers compromise networks and persist on systems. The RaaS operator develops and maintains tools. The RaaS affiliate performs the attack.

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

Microsoft processes 24 trillion signals every 24 hours, and we have blocked billions of attacks in the last year alone. Microsoft Security tracks more than 35 unique ransomware families and 250 unique threat actors across observed nation-state, ransomware, and criminal ...
Passwordless RDP with Windows Hello for Business

Windows Hello for Business (WHfB) provides a password-less experience for users to log into their Windows 10 or 11 device. However, a challenge remains when accessing remote systems. This can be via an MMC console, for example, to access Active Directory ...
Aligning on mDNS: ramping down NetBIOS name resolution and LLMNR

The modern standard for multicast name discovery is mDNS. However, Windows supports other multicast name resolution protocols for historical reasons, including NetBIOS name resolution and LLMNR. More details about the documentation for each of these protocols can be found here ...
Enterprise Mode Site List Manager (schema v.2) tool

Configure IE Mode in Edge with Microsoft Endpoint (Intune)

Hi, my name is Ricardo Carvalho, I am a Customer Engineer working in Modern Workplace and Security in the Portuguese Customer Success Unit team. With the Internet Explorer 11 desktop app retirement announced for next June 15, 2022, many customers started ...