(Image: MERCURY attack chain throughout the initial access, execution, discovery, persistence, credential theft, lateral movement, and communications stages.)

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

In recent weeks, the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging exploitation of Log4j 2 vulnerabilities in SysAid applications against organizations all located in Israel. MSTIC assesses with high confidence ... continue reading

Q: Who is adding a bunch of DNS records to my environment?

The other day a client asked everyone in operations who had added some odd DNS records. Everyone on the admin team denied making any changes, and no one in engineering did it either. They determined the user that made the new record ... continue reading
(Image: Screenshot of the Deployment pre-requisites page in Azure Data Studio.)

Azure Data Studio August Release

Thank you to Erin Stellato (Program Manager, SQL Experiences) and Drew Skwiers-Koballa (Program Manager, SQL Experiences) for contributing to this blog. The end of summer in the Northern Hemisphere can be a quiet time for some, but the Azure Data Studio team has been ... continue reading
(Image: Screenshot of a section of a configuration file.)

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments. NOBELIUM remains highly active, executing multiple campaigns in parallel targeting government ... continue reading

Right Size/Recommend Azure SQL Managed Instance

Introduction: When doing SQL migrations, we have some wonderful tools at Microsoft that will assist you with the migration from on-premises to Azure. But what happens down the line when you need to decide whether you made the correct choice ... continue reading
(Image: Column chart representing the number of devices where Microsoft Defender Antivirus detected cryptojackers, seen monthly from January to July 2022.)

Hardware-based threat defense against increasingly complex cryptojackers

Even with the dip in the value of cryptocurrencies in the past few months, cryptojackers – trojanized coin miners that attackers distribute to use compromised devices’ computing power for their objectives – continue to be widespread. In the past several ... continue reading

Query Store is enabled by default in SQL Server 2022

Part of the SQL Server 2022 blog series. Query Store is one of the most powerful database-scoped features in SQL Server for troubleshooting performance and improving the stability of your database workloads. The Query Store feature first became available in SQL Server ... continue reading
(Image: Auto-complete with CIM.)

The many flavours of WMI management

WMI is arguably one of the greatest tools a system administrator can have. You can manage Windows workstations, interact with Microsoft products like Configuration Manager, monitor servers' resources, and much more. Today, we are going to look at the ... continue reading

Modernizing Endpoint Management – Encryption – Part 2

Introduction: In part 1, we saw how to use the MEM portal to view and recover BitLocker recovery keys for ConfigMgr clients that are tenant attached. In part 2 of this blog, we will see how to migrate BitLocker keys to ... continue reading

Azure Virtual Machines Automation – Deployment

Welcome to this series where you will learn the various best practices for deploying Azure Virtual Machines and how to manage them at scale. To get started, we are going to take a look at various deployment options; how you ... continue reading