
Azure Firewall Tips from the Field

Introduction

Hi folks! My name is Felipe Binotto, Cloud Solution Architect, based in Australia. In this post, I will provide some tips and clarifications about Azure Firewall based on my experience from the field.

Topics

The following are the ... continue reading
Peach Sandstorm 2023 tradecraft and attack flow diagram.

Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as Peach Sandstorm (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, ... continue reading
Microsoft Entra Private Access: An Identity-Centric Zero Trust Network Access Solution

On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look ... continue reading
Flax Typhoon attack chain through the initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and command and control stages.

Flax Typhoon using legitimate software to quietly access Taiwanese organizations

Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations’ ... continue reading
How to configure the RDP connection for Azure VMs via Azure Bastion

When connecting to Azure VMs, there are a few ways you can establish the connection. If using Windows VMs, most likely you are connecting through a Remote Desktop Protocol (RDP) session, so you can open a remote GUI session. However, opening ... continue reading
Microsoft Entra Expands into Security Service Edge with Two New Offerings

Flexible work arrangements and accelerating digital transformation changed the way we secure access. Traditional network security approaches just don’t scale to modern demands. They not only hurt end user experience but also grant each user excessive access to the entire ... continue reading
BlackByte 2.0 ransomware attack chain by order of stages: initial access and privilege escalation, persistence and command and control, reconnaissance, credential access, lateral movement, data staging and exfiltration, and impact.

The five-day job: A BlackByte ransomware intrusion case study

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – ... continue reading

Top 5 Common Deployment Tips for US Government Agencies

Executive Order 14028 (EO 14028), Improving the Nation’s Cybersecurity, directs the federal government to improve its efforts to identify, protect against, and respond to malicious cyber campaigns and their actors through bold changes and significant investments in cybersecurity. The Office ... continue reading
Cadet Blizzard heatmap displaying their operational cadence by the day of the week and active times (UTC).

Cadet Blizzard emerges as a novel and distinct Russian threat actor

As Russia’s invasion of Ukraine continues into its second year and Microsoft continues to collaborate with global partners in response, the exposure of destructive cyber capabilities and information operations provides greater clarity into the tools and techniques used by Russian ... continue reading
Figure 1: Network Security Group showing the inbound rule for port 8443.

Cloud Management Gateway – Inbound Rule for Port 8443

Hello! My name is Nandan Sheth, and I am a part of Microsoft’s Customer Success Unit based out of Dublin, Ireland. I have been helping customers set up the Cloud Management Gateway for a few years now, but recently ... continue reading