Security

Sign in

Image of two coworkers collaborating at a desk.

Microsoft Detection and Response Team (DART)

A blog series focused on the latest attack methods as well as cybersecurity best practices derived from our investigations and engagements, helping our customers respond to compromises and become cyber-resilient.

Man in a collared shirt working on a server station inside a secure room. Coworkers and large monitors are in the background. Keywords: network security, on-premise security, threat protection, secure score, monitoring, security management, operations, Microsoft Security collection

December 21, 2020

Advice for incident responders on recovery from systemic identity compromises

Customers across the globe are asking for guidance on recovering their infrastructure after being impacted by Solorigate. DART walks you through remediation steps as well as some longer term mitigations.

IT professional at a digital consulting firm.

December 17, 2020

A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture

This blog post will explain simple Microsoft security defaults and Secure Score—two features you should take advantage of that are easy to utilize and can significantly improve security in Azure AD and Office 365 configurations.

image of a man walking through a State-of-the-art facility uses eco-friendly solutions such as using reclaimed water to cool the data center.

October 7, 2020

Best practices for defending Azure Virtual Machines

One of the things that our Detection and Response Team (DART) and Customer Service and Support (CSS) security teams see frequently during investigation of customer incidents are attacks on virtual machines from the internet. This is one area in the cloud security shared responsibility model where customer tenants are responsible for security. Security is a…

An image of a woman wearing a dark shirt in a dim office scrolling or working on a Microsoft Surface Studio.

August 11, 2020

Microsoft Office 365—Do you have a false sense of cloud security?

Security is not just flipping the switch of security features to "on" and think you are done. DART explores the concept of having a false sense of security when securing your cloud environments.

Real people, real offices.

May 4, 2020

CISO Series: Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2

This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and impact of COVID-19 on the SOC. This is the sixth blog post in the series.

Designer image whose text reads "Polymorphic."

April 2, 2020

Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team

Today, we're glad to share DART Case Report 002—Full Operational Shutdown.

March 9, 2020

Real-life cybercrime stories from DART, the Microsoft Detection and Response Team

In the new DART Case Reports, you'll find unique stories from our team’s engagements around the globe. Read the first in the series today.

February 4, 2020

Ghost in the shell: Investigating web shell attacks

Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.

A woman in a car types on her laptop.

January 7, 2020

Threat hunting in Azure Advanced Threat Protection (ATP)

DART was called into an engagement where the adversary had a foothold within the on-premises network, which had been gained through compromising cloud credentials. Luckily, this customer had deployed Azure ATP prior to the incident and it had already normalized authentication and identity transactions within the customer network.

December 17, 2019

Norsk Hydro responds to ransomware attack with transparency

Aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware. Learn how the company recovered and got back to business as usual.

Image of two workers in an office looking at their laptops.

December 16, 2019

Ransomware response—to pay or not to pay?

As part of Microsoft’s Detection and Response Team (DART) Incident Response engagements, we regularly get asked by customers about "paying the ransom" following a ransomware attack.

Image of a man walking through a datacenter.

November 14, 2019

Changing security incident response by utilizing the power of the cloud—DART tools, techniques, and procedures: part 1

A series on DART’s tools, techniques, and procedures for investigating cybersecurity incidents at their customer organizations. Part 1 introduces the team and gives a brief overview of the tools that DART utilizes.

1
2
Next