Balance Performance in MsQuic and XDP

Improving performance has always been a major goal for MsQuic. Recently, we have put a lot of effort into achieving ultra-low latency with MsQuic. We have prototyped a fully functioning XDP data path for MsQuic that bypasses the Windows TCP/IP ...
Profiling DEV-0270: PHOSPHORUS’ ransomware operations

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of the Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including ...
NIC Certification updates in the Windows Server Catalog

Hi Everybody - Dan Cuomo, Principal PM on the Azure Edge and Platform, Core Networking team, here to talk about some changes we're making to NIC certification in the Windows Server Catalog. During OS deployment (and periodically after that), you ...
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks

Microsoft has observed the Sliver command-and-control (C2) framework being adopted and integrated into intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors seeking to evade detection. We've seen these actors use Sliver ...
Network ATC: What's coming in Azure Stack HCI 22H2

When we first released Network ATC, we greatly simplified the deployment and ongoing management of host networking in Azure Stack HCI. Whether it was the simple yet powerful deployment experience, a "that was easy" cluster expansion process, or increased reliability ...
Securely Manage my On-prem Server Using Cloud services.

Hello folks! Lately, I had to replace my home network's edge device/firewall with one that would allow me to connect to my Azure cloud environment using a site-to-site VPN. I set up an Azure Bastion host to enable remote access ...
Setting up DNS in a Hybrid Environment.

Hello Folks! I'm not sure when this became a series, but it's looking like it's going to be ongoing. I'm hoping it can give the community a sense of how you can slowly adopt cloud services to enhance your on-prem ...
Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers; these hide deep in target environments and give attackers a durable persistence mechanism. While prior research has been published on specific incidents and variants, little ...

SCOM MP for M365 – V3 (now GA)

Update on July 20, 2022: the CTP is now GA. No changes are needed for users who have installed the CTP in their environment. Users on V1/V2, follow the instructions highlighted in the MP guide to update. ================================== We are back with the latest version of ...