Failover Clustering Networking Basics and Fundamentals

My name is John Marlin and I am with the High Availability and Storage Team here and today I want to talk about Failover Clustering and Networking. Networking is a fundamental key with Failover Clustering that sometimes is overlooked but ...
Deploy a Windows Server container on Azure Kubernetes Service (AKS)

The Windows Container team announced an update to the Container extension for Windows Admin Center with a couple of new features like pushing Container images to an Azure Container Registry. In this blog post, I want to provide you with ...
PARINACOTA ransomware attack chain

The science behind Microsoft Threat Protection: Attack modeling for finding and stopping evasive ransomware

The linchpin of successful cyberattacks, exemplified by nation state-level attacks and human-operated ransomware, is their ability to find the path of least resistance and progressively move across a compromised network. Determining the full scope and impact of these attacks is ...
Beyond the Edge: How to Secure SMB Traffic in Windows

Hiya folks, Ned here again. Organizations are good at firewalling the network edge to stop inbound intruders. We need to move on to preventing outbound and lateral network communications. With the rise of mobile computing and ease of phishing users, ...
Windows Insiders can now test DNS over HTTPS

If you have been waiting to try DNS over HTTPS (DoH) on Windows 10, you're in luck: the first testable version is now available to Windows Insiders! If you haven’t been waiting for it, and are wondering what DoH is ...
diagram showing different attack stages and techniques in each stage that various ransomware groups use

Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

At a time when remote work is becoming universal and the strain on SecOps, especially in healthcare and critical industries, has never been higher, ransomware actors are unrelenting, continuing their normal operations. Multiple ransomware groups that have been accumulating access ...
Troubleshooting Azure Arc for Servers – Status Offline

While trying out the capabilities of Azure Arc for Servers, I came across a couple of times when the on-premises virtual machine showed as ‘Offline’ in the Azure Portal. To help troubleshoot this, there’s a command line tool that can ...
Security guidance for remote desktop adoption

As the volume of remote workers quickly increased over the past two to three months, the IT teams in many companies scrambled to figure out how their infrastructures and technologies would be able to handle the increase in remote connections ...
Create a SQL FCI with a Tertiary AG Replica

Procedure: The purpose of this guide is to provide the steps needed to deploy a 2-node Windows Server Failover Cluster (WSFC) hosting a clustered instance of SQL Server 2019. A 3rd Windows server running on a separate subnet will also ...
Image: attack matrix for Kubernetes, with techniques grouped under the tactics Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement and Impact.

Attack matrix for Kubernetes

Kubernetes, the most popular container orchestration system and one of the fastest-growing projects in the history of open source, becomes a significant part of many companies’ compute stack. The flexibility and scalability of containers encourage many developers to move their ...