Microsoft Incident Response, Author at Microsoft Security Blog

Man sitting at a wooden table typing on a laptop while using Microsoft Teams within Windows 365. Shown on Windows 11.

Oct 26, 2021

11 min read

Protect your business from password sprays with Microsoft DART recommendations

This blog discusses DART’s investigation techniques and approach to responding to password spray attacks while outlining recommendations for protecting against them.

Female developer coding her workspace in an enterprise office, using Visual Studio on a multi-monitor set up.

Sep 27, 2021

9 min read

A guide to combatting human-operated ransomware: Part 2

In this post, we will tackle the risks of human-operated ransomware and detail DART’s security recommendations for tactical containment actions and post-incident activities in the event of an attack.

Black female developer wearing headphones; coding at her PC workspace in an enterprise office, using Visual Studio on a multi-monitor set up.

Sep 20, 2021

7 min read

A guide to combatting human-operated ransomware: Part 1

As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.

Looking into a conference room or board room meeting including people sitting around table in a room with international time clocks.

Jun 9, 2021

6 min read

CRSP: The emergency team fighting cyber attacks beside customers

CRSP is a worldwide team of cybersecurity experts operating in most countries, across all organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the first place.

Feb 11, 2021

9 min read

Web shell attacks continue to rise

A year ago, we reported the steady increase in the use of web shells in attacks worldwide. The latest Microsoft 365 Defender data shows that this trend not only continued, it accelerated. Read our investigation into the escalating prevalence of web shells.

Man in a collared shirt working on a server station inside a secure room. Coworkers and large monitors are in the background. Keywords: network security, on-premise security, threat protection, secure score, monitoring, security management, operations, Microsoft Security collection

Dec 21, 2020

17 min read

Advice for incident responders on recovery from systemic identity compromises

Customers across the globe are asking for guidance on recovering their infrastructure after being impacted by Solorigate. DART walks you through remediation steps as well as some longer term mitigations.

IT professional at a digital consulting firm.

Dec 17, 2020

5 min read

A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture

This blog post will explain simple Microsoft security defaults and Secure Score—two features you should take advantage of that are easy to utilize and can significantly improve security in Azure AD and Office 365 configurations.

An image of a woman wearing a dark shirt in a dim office scrolling or working on a Microsoft Surface Studio.

Aug 11, 2020

4 min read

Microsoft Office 365—Do you have a false sense of cloud security?

Security is not just flipping the switch of security features to "on" and think you are done. DART explores the concept of having a false sense of security when securing your cloud environments.

Feb 4, 2020

5 min read

Ghost in the shell: Investigating web shell attacks

Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.

Aug 8, 2019

2 min read

Protect against BlueKeep

DART offers steps you can take to protect your network from BlueKeep, the “wormable” vulnerability that can create a large-scale outbreak due to its ability to replicate and propagate.

Microsoft Incident Response Posts