Microsoft Security
Microsoft Detection and Response Team (DART)

A blog series focused on the latest attack methods as well as cybersecurity best practices derived from our investigations and engagements, helping our customers respond to compromises and become cyber-resilient.

Guidance for investigating attacks using CVE-2023-23397

Solving one of NOBELIUM’s most novel attacks: Cyberattack Series

IIS modules: The evolution of web shells and how to detect them 

Token tactics: How to prevent, detect, and respond to cloud token theft

Microsoft Security tips for mitigating risk in mergers and acquisitions

Defenders beware: A case for post-ransomware investigations

The art and science behind Microsoft threat hunting: Part 2

The art and science behind Microsoft threat hunting: Part 1

Microsoft investigates Iranian attacks against the Albanian government

MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Tarrask malware uses scheduled tasks for defense evasion

DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
