
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as ...
Introduction to Network Trace Analysis Part 0: Laying the Groundwork
Hi everyone, this is Will Aftring again with the Windows Debug team, here to lay the groundwork for a new series on how to get started with network trace analysis. This is not an introduction to networking. Many of the networking ...
The top technical skills for the modern IT Pro
There are many niche areas within infrastructure and security, but we find that most IT Pros have a very broad set of responsibilities, touching different products and tasks. If you’re working in a Microsoft-focussed environment, especially one that is using ...

mDNS in the Enterprise
James Kehr here with the Windows networking support team. This article covers details about mDNS and recommended best practices when trying to control the protocol designed to make life easier. Starting with Windows 10 1703, Microsoft has included native support ...
Troubleshooting HTTP/3 in http.sys
HTTP/3 is a major change to HTTP. It switches away from using TCP as a transport and TLS separately to using QUIC as a transport, which has TLS 1.3 or higher built in. These changes mean that migrating from HTTP/2 ...

Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
Trickbot, a sophisticated trojan that has evolved significantly since its discovery in 2016, has continually expanded its capabilities and, even with disruption efforts and news of its infrastructure going offline, it has managed to remain one of the most persistent ...

Microsoft DDoS protection response guide
Receiving Distributed Denial of Service (DDoS) attack threats? DDoS threats have seen a significant rise in frequency lately, and Microsoft stopped numerous large-scale DDoS attacks last year. This guide provides an overview of what Microsoft provides at the platform level, ...
Infrastructure as Code (IaC): Comparing the Tools
When you go to deploy a server or any part of your infrastructure manually, how long does it take you? Can you do a manual deployment end to end without any mistakes? Now, how do you scale that? This is ...
Secrets from the Deep – The DNS Analytical Log – Part 5
Hi Team, it's Eric Jansen again, here today to continue where we left off in Part 4 of the series. In the last episode, we discussed how ...

Detect active network reconnaissance with Microsoft Defender for Endpoint
The Microsoft Compromise Recovery Security Practice has observed how the security industry has evolved over the last few years as consumers, businesses, and industry professionals continue to adapt to the changing landscape. We have seen the emergence of new frameworks, ...