Figure 1: Windows Defender ATP detection of Kovter performing process hollowing on regsvr32.exe using mshta.exe

Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing

Advanced cyberattacks emphasize stealth and persistence: the longer they stay under the radar, the more they can move laterally, exfiltrate data, and cause damage. To avoid detection, attackers are increasingly turning to cross-process injection. Cross-process injection gives attackers the ability ... continue reading
Digital Certificates 101: Understanding, Managing & Supporting Public Key Infrastructure & Active Directory Certificate Services

A digital certificate is a digital form of identification, much like a passport or driver's license. Public Key Infrastructure (PKI) provides the means for digital certificates to be used by issuing certificates and making them accessible through a directory. PKI also ... continue reading
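As an added illustration of the "managing and supporting" side of that excerpt (this is not code from the linked post), the following PowerShell audits the local machine's personal certificate store, rebuilds each certificate's chain with online revocation checking, and reports the issuing CA, expiry and chain status. The function name Test-StoreCertificates and the default store path are choices made for this example; it assumes an elevated PowerShell session on Windows.

```powershell
# Added example, not from the linked post. Walks a certificate store, builds
# each certificate's chain (with online CRL/OCSP checks) and reports what a
# PKI operator usually wants first: who issued it, when it expires, whether
# a private key is present, and whether the chain currently validates.
function Test-StoreCertificates {
    param(
        # Any Cert: drive path; LocalMachine\My is the machine's personal store.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Online revocation checking; switch to NoCheck for an offline inventory.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $valid = $chain.Build($cert)

        # X509Chain reports every problem it found (expired, untrusted root,
        # revocation offline, ...) as a ChainStatus entry.
        $status = 'OK'
        if (-not $valid) {
            $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        }

        # Last element of the built chain is the (trusted or untrusted) root.
        $rootSubject = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject

        [pscustomobject]@{
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            Root        = $rootSubject
            NotAfter    = $cert.NotAfter
            DaysLeft    = [int]($cert.NotAfter - (Get-Date)).TotalDays
            HasPrivKey  = $cert.HasPrivateKey
            ChainValid  = $valid
            ChainStatus = $status
        }
        $chain.Reset()
    }
}

# Usage: soonest-expiring and broken chains first.
Test-StoreCertificates |
    Sort-Object ChainValid, DaysLeft |
    Format-Table Subject, Issuer, DaysLeft, HasPrivKey, ChainValid, ChainStatus -AutoSize
```

Run it against Cert:\LocalMachine\CA or Cert:\CurrentUser\My as well; a certificate that chains to an unexpected root, or whose chain fails with RevocationStatusUnknown because the CRL distribution point is unreachable, is exactly the kind of problem that surfaces only when the chain is rebuilt rather than when the certificate is merely listed.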
Figure 1. Infection cycle overview

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. Using ETERNALBLUE, WannaCrypt propagated as ... continue reading
Windows 10 platform resilience against the Petya ransomware attack

The Petya ransomware attack on June 27, 2017 (which we analyzed in-depth in this blog) may have been perceived as an outbreak worse than last month's WannaCrypt (also known as WannaCry) attack. After all, it uses the same SMB exploit ... continue reading
New ransomware, old techniques: Petya adds worm capabilities

(Note: We have published a follow-up blog entry on this ransomware attack. We have new findings from our continued investigation, as well as platform mitigation and protection information: Windows 10 platform resilience against the Petya ransomware attack.) On June 27, ... continue reading
Screenshot of security subscription notification

Partnering with the AV ecosystem to protect our Windows 10 customers

On Friday May 12th, and for several days afterwards, more than a quarter-million computers around the world fell victim to the ransomware known as WannaCrypt or WannaCry. As that recent event has shown, malicious actors bring nearly boundless time and ... continue reading
Windows 10 Creators Update provides next-gen ransomware protection

Multiple high-profile incidents have demonstrated that ransomware can have catastrophic effects on all of us. From personally losing access to your own digital property, to being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods ... continue reading

SMB1 Product Clearinghouse

Hi folks, Ned here again. This blog post contains all products requiring SMB1, where the vendor explicitly states this in their own documentation or communications. This list is not complete and you should never treat it as complete; check back ... continue reading
(Part 3) DevOps with Containers: How to Leverage Container virtualization technology for a Better DevOps Experience

Container virtualization technology and tools have enabled a variety of organizations, large or small, to accelerate their application delivery cycle. The traditional application development process is to write code, debug code in a local development environment, check-in code, and wait ... continue reading

WannaCrypt attacks: guidance for Operations Management Suite customers

Strengthening the security posture of your infrastructure is critical in protecting against evolving cyber threats. The following steps are recommended to safeguard your resources against the recent WannaCrypt ransomware attack: This recent WannaCrypt malware exploits a Server Message Block (SMB) ... continue reading
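The SMB1 Product Clearinghouse and the WannaCrypt guidance above both come down to the same operational question: is SMB1 still enabled on this host, who is still using it, and can it be switched off? The PowerShell below is an added example (not code from either post) that answers that question and, as a separate step, disables SMB1. It assumes an elevated session on Windows 8.1 / Windows Server 2012 R2 or later, where the Get-SmbServerConfiguration cmdlet and the SMB1Protocol optional feature exist; the function names Get-Smb1Exposure and Disable-Smb1 are this example's own.

```powershell
# Added example, not from the linked posts. Inventory SMB1 exposure on a host
# (server switch, installed feature, live SMB1 sessions) before disabling it.
function Get-Smb1Exposure {
    # Server-side switch: will this host answer an SMB1 negotiation at all?
    $server = Get-SmbServerConfiguration

    # Dialect of every current session; a 1.x dialect means that peer still
    # depends on SMB1 and will lose access when it is disabled.
    $smb1Sessions = Get-SmbSession -ErrorAction SilentlyContinue |
        Where-Object { $_.Dialect -like '1.*' }
    $smb1Clients = ($smb1Sessions |
        ForEach-Object { $_.ClientComputerName } |
        Sort-Object -Unique) -join ','

    # Are the SMB1 binaries even installed? (Optional feature on client SKUs
    # and on Server 2012 R2+; on Server the role feature is FS-SMB1.)
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = 'Unknown'
    if ($feature) { $featureState = $feature.State }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1FeatureState  = $featureState
        Smb1SessionCount  = @($smb1Sessions).Count
        Smb1Clients       = $smb1Clients
        # Audit switch exists on Windows 10 / Server 2016 and later; $null elsewhere.
        AuditSmb1Access   = $server.AuditSmb1Access
    }
}

# Turn SMB1 off: server-side protocol switch first (immediate), then remove
# the feature (takes effect after reboot). SupportsShouldProcess gives -WhatIf.
function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMB1 server and remove SMB1Protocol feature')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
}

Get-Smb1Exposure | Format-List
# Review Smb1SessionCount / Smb1Clients against the SMB1 Product Clearinghouse
# before the next step, then:
#   Disable-Smb1 -WhatIf   # preview
#   Disable-Smb1           # apply
```

On Windows 10 / Server 2016 and later, turning on Set-SmbServerConfiguration -AuditSmb1Access $true for a few days before disabling records every SMB1 connection attempt in the Microsoft-Windows-SMBServer/Audit event log, which catches clients that only connect occasionally and so never show up in a point-in-time Get-SmbSession snapshot.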