How can I be notified any time a service goes down?

Q: How can I be notified any time a service goes down? A: The short answer is to use WMI and PowerShell 7. You use PowerShell to create a temporary event subscription in WMI. WMI then monitors service state changes and raises an alert whenever it detects one. Basic Requirement To achieve this, you need Windows ... continue reading

How to Update or Add a Registry Key Value with PowerShell

Q: I am having a problem trying to update the registry. I am using the New-ItemProperty cmdlet, but it fails if the registry key does not exist. I added the -Force parameter, but it still does not create the registry ... continue reading
Diagram showing chain of attacks from the LemonDuck and LemonCat infrastructure, detailing specific attacker behavior common to both and highlight behavior unique to each infra

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts ... continue reading
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading
Deploying Windows 10 Application Control Policy

Dear IT Pros, Today we discuss all things WDAC – Windows Defender Application Control. WDAC was introduced with Windows 10 and can be applied to Windows Server 2016 and later; its older name is Configurable Code Integrity (CCI) ... continue reading
How to Change the Start Page for the Edge Browser

Q: How can I change the Edge startup page? A: You can change the start page easily using PowerShell. Edge and Its Start Page I am basing this article on the latest incarnation of the Edge browser, aka Edge Chromium ... continue reading

How to rename a NIC

Q: Is there a simple way to rename a NIC, especially inside a Hyper-V VM? A: You can change the name of any Windows NIC using PowerShell – whether the NIC is in a physical host or a Hyper-V VM ... continue reading
How To Detect Changes In MECM Environments

Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!" I am a Senior Customer Engineer based in Germany and over the years I created several configuration items I use as part of a Microsoft Endpoint Configuration Manager (MECM / ConfigMgr) baseline to detect configuration changes in the environment. In this blog ... continue reading

How Do I Discover Changes to an AD Group’s Membership

Q: Is there an easy way to detect changes to the membership of important AD groups? A: Easy, using PowerShell 7, WMI, and the CIM cmdlets. WMI Windows Management Instrumentation (WMI) is an important component of the Windows operating ... continue reading
Number of tests in which the vendor blocked the attack at earliest stage possible. Microsoft successfully blocked at the earliest possible point on six protection tests, more than any other vendor participating in the test.

Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation

In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with market-leading capabilities ... continue reading