Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations. Multiple ransomware groups that have been accumulating access ... continue reading
Troubleshooting Azure Arc for Servers - Status Offline

While trying out the capabilities of Azure Arc for Servers, I came across a couple of times when the on-premises virtual machine showed as ‘Offline’ in the Azure Portal. To help troubleshoot this, there’s a command line tool that can ... continue reading
Security guidance for remote desktop adoption

As the volume of remote workers quickly increased over the past two to three months, the IT teams in many companies scrambled to figure out how their infrastructures and technologies would be able to handle the increase in remote connections ... continue reading
Create a SQL FCI with a Tertiary AG Replica

Procedure: The purpose of this guide is to provide the steps needed to deploy a 2-node Windows Server Failover Cluster (WSFC) hosting a clustered instance of SQL Server 2019. A 3rd Windows server running on a separate subnet will also ... continue reading
Image: matrix of Kubernetes attack techniques grouped under the tactics Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement and Impact.

Attack matrix for Kubernetes

Kubernetes, the most popular container orchestration system and one of the fastest-growing projects in the history of open source, becomes a significant part of many companies’ compute stack. The flexibility and scalability of containers encourage many developers to move their ... continue reading
L2bridge Container Networking

Overview: Containers attached to an l2bridge network will be directly connected to the physical network through an external Hyper-V switch. L2bridge networks can be configured with the same IP subnet as the container host, with IPs from the physical network ... continue reading

SMB over QUIC

Heya folks, Ned here again. I wrote a new blog post, SMB over QUIC: Files Without the VPN. Learn about this new optional feature coming to replace TCP/IP for scenarios like hybrid computing and mobile workers - VPN'less SMB 3.1.1 ... continue reading
SMB over QUIC: Files Without the VPN

Hi folks, Ned Pyle guest-posting today about SMB over QUIC, a game-changer coming to Windows, Windows Server, and Azure Files. In today’s world, SMB file share access for mobile users requires expensive & complex VPNs. Departments trying to use Azure ... continue reading

SMB is Dead, Long Live SMB!

Hello again, James Kehr here with another guest post. Titles are hard to do. They must convey the topic to the reader while being both interesting and informative, all at the same time. Doing this with a technical article makes ... continue reading

Firewall Rules for Active Directory Certificate Services

First published on TECHNET on Jun 25, 2010. Below is a list of ports that need to be opened on Active Directory Certificate Services servers to enable HTTP and DCOM based enrollment. The information was developed by Microsoft Consultant Services ... continue reading