A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize ... continue reading
Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center

Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit (HLK) compatibility tests, malware scanning, and prove their identity through extended validation (EV) ... continue reading
Application Guard Deployment by MECM

Introduction This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In this blog I will be focusing on Application Guard and the correct configuration/deployment for Microsoft Endpoint Configuration ... continue reading

How can I be notified any time a service goes down?

Q: How can I be notified any time a service goes down? A: The short, quick answer is to utilize WMI and PowerShell 7. You use PowerShell to create temporary event monitoring using WMI. Then WMI monitors any service changes and generates an alert once it detects a change. Basic Requirement To achieve this, you need Windows ... continue reading

How to Update or Add a Registry Key Value with PowerShell

Q: I am having a problem trying to update the registry. I am using the New-ItemProperty cmdlet, but it fails if the registry key does not exist. I added the -Force parameter, but it still does not create the registry ... continue reading
When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts ... continue reading
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading
Deploying Windows 10 Application Control Policy

Dear IT Pros, Today we discuss all things WDAC – Windows Defender Application Control. WDAC was introduced with Windows 10 and can be applied to Windows Server 2016 and later; its older name is Configurable Code Integrity (CCI) ... continue reading
How to Change the Start Page for the Edge Browser

Q: How can I change the Edge startup page? A: You can change the start page easily using PowerShell. Edge and Its Start Page I am basing this article on the latest incarnation of the Edge browser, aka Edge Chromium ... continue reading

How to rename a NIC

Q: Is there a simple way to rename a NIC, especially inside a Hyper-V VM? A: You can change the name of any Windows NIC using PowerShell – whether the NIC is in a physical host or a Hyper-V VM ... continue reading