Figure 1 displays a diagram depicting a typical attack flow for XorDdos malware. The attacker communicates with a bot to SSH brute force a target device and download XorDdos. The malware then performs several techniques for evasion and persistence before connecting with the attacker's C2 server to send data and receive commands.

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as ...
Introduction to Network Trace Analysis Part 0: Laying the Groundwork

Hi everyone, this is Will Aftring again with the Windows Debug team, here to lay the groundwork for a new series on how to get started with network trace analysis. This is not an introduction to networking. Many of the networking ...
The top technical skills for the modern IT Pro

There are many niche areas within infrastructure and security, but we find that most IT Pros have a very broad set of responsibilities, touching different products and tasks. If you’re working in a Microsoft-focussed environment, especially one that is using ...
mDNS in the Enterprise

James Kehr here with the Windows networking support team. This article covers details about mDNS and recommended best practices when trying to control the protocol designed to make life easier. Starting with Windows 10 1703 Microsoft has included native support ...
Troubleshooting HTTP/3 in http.sys

HTTP/3 is a major change to HTTP. It switches away from using TCP as a transport and TLS separately to using QUIC as a transport which has TLS 1.3 or higher built in. These changes mean that migrating from HTTP/2 ...
Diagram showing an attacker having access to a C2 server, a compromised IoT device, and a target network, all of which have a line of communication running through them. To the right of each component, corresponding attack chain routines related to it are depicted.

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure

Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent ...
Enabling DDOS Protection Standard on a VNET

Microsoft DDoS protection response guide

Receiving Distributed Denial of Service (DDoS) attack threats? DDoS threats have seen a significant rise in frequency lately, and Microsoft stopped numerous large-scale DDoS attacks last year. This guide provides an overview of what Microsoft provides at the platform level, ...
Bicep vs ARM Templates

Infrastructure as Code (IaC): Comparing the Tools

When you go to deploy a server or any part of our infrastructure manually, how long does it take you? Can you do a manual deployment end to end without any mistakes? Now, how do you scale that? This is ...
Secrets from the Deep – The DNS Analytical Log – Part 5

Hi Team, it's Eric Jansen again, here today to continue where we left off in Part 4 of the series. In the last episode, we discussed how ...
Bar chart of the MITRE ATT&CK Framework with the first part highlighted in red showing impact.

Detect active network reconnaissance with Microsoft Defender for Endpoint

The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, ...