Select Page
Diagram showing BISMUTH attacker techniques across attack stages

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with ... continue reading
Purdue Model traversal in TRITON attack

Go inside the new Azure Defender for IoT including CyberX

In 2020, the move toward digital transformation and Industry 4.0 took on new urgency with manufacturing and other critical infrastructure sectors under pressure to increase operational efficiency and reduce costs. But the cybersecurity model for operational technology (OT) was already ... continue reading
RS2.gif

Demystifying Ransomware Attacks Against Microsoft Defender Solution

Hi IT Pros, As you have known it, Ransomware is in aggravated assault mode at this time of year 2020, the joint cybersecurity advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation (FBI), and ... continue reading
Legacy access model

Modernize secure access for your on-premises resources with Zero Trust

Change came quickly in 2020. More likely than not, a big chunk of your workforce has been forced into remote access. And with remote work came an explosion of bring-your-own-device (BYOD) scenarios, requiring your organization to extend the bounds of ... continue reading
Diagram showing process of isolation in System Management Mode

System Management Mode deep dive: How SMM isolation hardens the platform

Ensuring that the platform firmware is healthy and trustworthy is fundamental to guaranteeing that powerful platform security features like Hypervisor-protected code integrity (HVCI) and Windows Defender Credential Guard are functioning as expected. Windows 10 achieves this by leveraging a hardware-based ... continue reading
tantran55_1-1596459568602.png

Microsoft Defender for Endpoint – MD ATP Daily Operation – Part 1

Hi IT Pros, I have combined the information for Security Team who monitors, responds and manages the ATP Portal on a daily basis. Please check it out and give your feedback. For Alert Notification and Live Response with remediation and ... continue reading
MDfI3.gif

Microsoft Defender for Identity – Azure ATP Daily Operation

Hi IT Pros, I would like to continue the blog about Microsoft Defender for Identity with topic related to the daily operation of SecOp Team who traces all attacks against Identities stored in your on-prem Active Directory domain controllers. Please ... continue reading

Security Unlocked—A new podcast exploring the people and AI that power Microsoft Security solutions

It’s hard to keep pace with all the changes happening in the world of cybersecurity. Security experts and leaders must continue learning (and unlearning) to stay ahead of the ever-evolving threat landscape. In fact, many of us are in this ... continue reading
Stopping Attacks by using MFA

Dharma Ransomware: Recovery and Preventative Measures

  This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In the last several months, I have been getting a lot of requests around certain Ransomware that steals credentials through targeting phishing campaigns, extracting credentials to get Domain Admin access, and then ... continue reading
Trickbot disrupted

Trickbot disrupted

As announced today, Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure. As a result, operators will no longer be ... continue reading