LEDBAT Background Data Transfer for Windows

LEDBAT is the background data transfer product built into the Windows networking stack and recommended by the Windows Data Transport team for moving bulk data without interfering with foreground traffic. LEDBAT has a couple of advantages that make it our ...

Microsoft investigates Iranian attacks against the Albanian government

Shortly after the destructive cyberattacks against the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged by the Albanian government to lead an investigation into the attacks. At the time of the attacks and our engagement ...

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including ...

Fun with Azure VPN

Introduction. Hi folks! My name is Felipe Binotto, Cloud Solution Architect, based in Australia. I decided to make this post for a couple of reasons. The first reason is to demonstrate how you can quickly build a hub between your ...

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

In recent weeks, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high confidence ...
Setting up DNS in a Hybrid Environment.

Hello Folks, I’m not sure when this became a series, but it’s looking like it’s going to be ongoing. I’m hoping it can give the community a sense of how you can slowly adopt cloud services to enhance your on-prem ...

Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little ...

Accessing Key Vault from Another Subscription Over Private Endpoint

Introduction. Hello everyone, Andrew Coughlin here and I am a Cloud Solutions Architect at Microsoft focusing on Azure IaaS. I recently received questions from a few of my customers about access to a key vault from a different subscription. In ...
Connect to your on-prem server from anywhere!

Hello Folks, A few weeks ago, I wrote about upgrading my local network edge device with one capable of connecting to my Azure virtual network using a site-to-site VPN. I also mentioned that I would cover many other services and ...