
Defenders beware: A case for post-ransomware investigations
Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase ... continue reading

Detecting and preventing LSASS credential dumping attacks
Obtaining user operating system (OS) credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral ... continue reading
LEDBAT Background Data Transfer for Windows
LEDBAT is the background data transfer product built into the Windows networking stack and recommended by the Windows Data Transport team for moving bulk data without interfering with foreground traffic. LEDBAT has a couple of advantages that make it our ... continue reading

Profiling DEV-0270: PHOSPHORUS’ ransomware operations
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including ... continue reading
Fun with Azure VPN
Introduction Hi folks! My name is Felipe Binotto, Cloud Solution Architect, based in Australia. I decided to make this post for a couple reasons. The first reason is to demonstrate how you can quickly build a hub between your ... continue reading

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
In recent weeks, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high confidence ... continue reading
Setting up DNS in a Hybrid Environment.
Hello Folks, I’m not sure when this became a series, but it’s looking like it’s going to be ongoing. I’m hoping it can give the community a sense of how you can slowly adopt cloud services to enhance your on-prem ... continue reading
Accessing Key Vault from Another Subscription Over Private Endpoint
Introduction Hello everyone, Andrew Coughlin here and I am a Cloud Solutions Architect at Microsoft focusing on Azure IaaS. I recently received questions from a few of my customers about access to a key vault from a different subscription. In ... continue reading
Connect to your on-prem server from anywhere!
Hello Folks, A few weeks ago, I wrote about upgrading my local network edge device with one capable of connecting to my Azure virtual network using a site-to-site VPN. I also mentioned that I would cover many other services and ... continue reading
Accessing Key Vault from another Subscription over public endpoint
Introduction Hello everyone, it has been a while, Andrew Coughlin here and I am a Customer Engineer at Microsoft focusing on Azure IaaS. I recently received questions from a few of my customers about accessing a key vault from a ... continue reading