[Figure: diagram of the attack chain, showing the flow of activity from left to right, starting with the attacker gaining access to the target tenant and ending with spam messages being sent to targets.]

Malicious OAuth applications used to compromise email servers and spread spam

Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange servers and spread spam. The investigation revealed that the threat actor launched credential stuffing attacks against high-risk accounts ...
[Figure: infection chain describing the usual tactics and techniques used by the DEV-0270 actor group.]

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including ...

Fun with Azure VPN

Introduction

Hi folks! My name is Felipe Binotto, Cloud Solution Architect, based in Australia. I decided to make this post for a couple reasons. The first reason is to demonstrate how you can quickly build a hub between your ...
Monitoring my hybrid environment – part 2?

Hello folks, 2 weeks ago, as part of my series on setting up my demo environment to reflect a typical hybrid (on-prem Azure) environment I covered the basics of what I needed to support operational requirements like monitoring/insights, patch management, ...
Planning the Monitoring of my hybrid environment.

Hello folks, By now you may have read that I’ve rebuilt my demo environment to look like what a typical hybrid environment would look like. I did it slowly without having to rip and replace everything in my on-prem environment ...
Securely Manage my On-prem Server Using Cloud services.

Hello folks, Lately, I had to replace my home network’s edge device firewall with one that would allow me to connect to my Azure cloud environment using a site-to-site VPN. I set up an Azure Bastion host to enable remote access ...
Setting up DNS in a Hybrid Environment.

Hello Folks, I’m not sure when this became a series, but it’s looking like it’s going to be ongoing. I’m hoping it can give the community a sense of how you can slowly adopt cloud services to enhance your on-prem ...
[Figure: diagram of icons and arrows illustrating the sequence of steps in an AiTM phishing campaign.]

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud

A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). The attackers then used the stolen credentials and session ...
Connect to your on-prem server from anywhere!

Hello Folks, A few weeks ago, I wrote about upgrading my local network edge device with one capable of connecting to my Azure virtual network using a site-to-site VPN. I also mentioned that I would cover many other services and ...

CIS Tech Community-Check This Out! (CTO!) Guide (June 2022)

Hi everyone! Brandon Wilson here to introduce you to a new series of posts, called the “Check This Out!” series (or “CTO!” for short). These posts are only intended to be a guide to lead you to some content ...