We are the Microsoft Detection and Response Team. All things #DFIR #IncidentResponse

Joined March 2022
The Unified Audit Log can help build a full story of a threat actor’s activity in #Office365, but its sheer size and detail can be daunting. Are you equipped to hunt through this forensic artifact effectively? Read our latest blog to find out: techcommunity.microsoft.com/…
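One way to start hunting through an Office 365 Unified Audit Log export, as an added example that is not part of the original post or of Microsoft's own tooling: the rows below mirror the shape Search-UnifiedAuditLog returns (CreationDate, UserIds, Operations and an AuditData JSON string), but the events, users, addresses and IPs are constructed for illustration. The parameter names treated as suspicious are the ones an investigator typically pivots on (mail forwarding and message deletion on inbox rules and mailbox settings); the threshold of what counts as suspicious is an assumption, not a published rule.

```python
import json
from collections import defaultdict

# Constructed sample rows in the shape of a Unified Audit Log export.
# None of these users, addresses or IPs are real.
SAMPLE_UAL = [
    {"CreationDate": "2022-11-02T08:15:03", "UserIds": "alice@contoso.example",
     "Operations": "UserLoggedIn",
     "AuditData": json.dumps({"Operation": "UserLoggedIn", "UserId": "alice@contoso.example",
                              "ClientIP": "203.0.113.7", "Workload": "AzureActiveDirectory",
                              "ResultStatus": "Success"})},
    {"CreationDate": "2022-11-02T08:17:41", "UserIds": "alice@contoso.example",
     "Operations": "New-InboxRule",
     "AuditData": json.dumps({"Operation": "New-InboxRule", "UserId": "alice@contoso.example",
                              "ClientIP": "203.0.113.7", "Workload": "Exchange",
                              "Parameters": [{"Name": "Name", "Value": "."},
                                             {"Name": "SubjectContainsWords", "Value": "invoice"},
                                             {"Name": "DeleteMessage", "Value": "True"}]})},
    {"CreationDate": "2022-11-02T08:20:10", "UserIds": "alice@contoso.example",
     "Operations": "Set-Mailbox",
     "AuditData": json.dumps({"Operation": "Set-Mailbox", "UserId": "alice@contoso.example",
                              "ClientIP": "203.0.113.7", "Workload": "Exchange",
                              "Parameters": [{"Name": "Identity", "Value": "alice"},
                                             {"Name": "ForwardingSmtpAddress",
                                              "Value": "smtp:drop@attacker.example"}]})},
    {"CreationDate": "2022-11-02T09:00:00", "UserIds": "bob@contoso.example",
     "Operations": "New-InboxRule",
     "AuditData": json.dumps({"Operation": "New-InboxRule", "UserId": "bob@contoso.example",
                              "ClientIP": "198.51.100.4", "Workload": "Exchange",
                              "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                                             {"Name": "MoveToFolder", "Value": "Reading"}]})},
]

# Assumed hunting heuristic: rule/mailbox parameters that exfiltrate mail or hide it.
SUSPICIOUS_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "ForwardingAddress", "DeleteMessage"}


def parse_records(records):
    """Expand each row's AuditData JSON string into one flat event dict, oldest first."""
    events = []
    for row in records:
        data = json.loads(row["AuditData"])
        # Exchange cmdlet audit entries carry their arguments as a list of Name/Value pairs.
        params = {p["Name"]: p["Value"] for p in data.get("Parameters", [])}
        events.append({
            "time": row["CreationDate"],
            "user": data.get("UserId", row.get("UserIds")),
            "op": data.get("Operation", row.get("Operations")),
            "ip": data.get("ClientIP"),
            "workload": data.get("Workload"),
            "params": params,
        })
    return sorted(events, key=lambda e: e["time"])  # ISO timestamps sort lexically


def find_suspicious(events):
    """Return events whose parameters intersect SUSPICIOUS_PARAMS, with a reason string."""
    findings = []
    for e in events:
        hits = sorted(set(e["params"]) & SUSPICIOUS_PARAMS)
        if hits:
            findings.append({**e, "reason": "suspicious parameters: " + ", ".join(hits)})
    return findings


def timeline_by_user(events):
    """Per-user ordered (time, operation, client IP) tuples: the 'story' for one account."""
    timeline = defaultdict(list)
    for e in events:
        timeline[e["user"]].append((e["time"], e["op"], e["ip"]))
    return dict(timeline)


def pivot_on_ip(events, ip):
    """Every operation seen from one client IP, so a finding can be traced back to its logon."""
    return [(e["time"], e["user"], e["op"]) for e in events if e["ip"] == ip]


if __name__ == "__main__":
    evts = parse_records(SAMPLE_UAL)
    for f in find_suspicious(evts):
        print(f"{f['time']} {f['user']} {f['op']}: {f['reason']}")
        for t, u, op in pivot_on_ip(evts, f["ip"]):
            print(f"    {t} {u} {op} (from {f['ip']})")
```

Running this against a real export means replacing SAMPLE_UAL with the rows from Search-UnifiedAuditLog (or the CSV export with AuditData as a column); the rest of the pivot logic is the same, and in practice the first question after any hit is exactly what pivot_on_ip answers: what else did that client address do, and when did it first log on.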
If you are in the security research or response field and interested in attending, please submit an application as soon as possible. Applications close January 6, 2023, or when all available passes have been allocated. Full details can be found here: msrc-blog.microsoft.com/2022…

📢 BlueHat 2023: Applications to Attend are NOW OPEN! 📢 If you are interested in attending @MSFTBlueHat in Redmond, WA, USA, Feb 8-9, 2023, please submit your application here: forms.office.com/Pages/Respo… (Applications close Jan 6, 2023)
Microsoft DART retweeted
Threat actors are known to use malicious IIS extensions to open persistent backdoors in servers. As a follow up to a blog on these threats, the Microsoft Detection and Response Team (DART) provides tips on logging and monitoring: msft.it/6016eP7ZM
Microsoft DART retweeted
Threat actor tactics to bypass controls and compromise tokens present additional challenges to defenders. Microsoft DART outlines strategies for organizations to detect, mitigate, and respond to threats of this nature: msft.it/6017dauVN
Microsoft DART retweeted
Microsoft has detected social engineering campaigns targeting employees of orgs across industries in the US, UK, India, Russia. MSTIC attributes the campaigns to North Korea-based actor ZINC, which used multiple weaponized open-source software tools. More info: msft.it/6018d8lvr
Microsoft DART retweeted
Microsoft Detection and Response Team (DART) was engaged to lead the investigation on destructive cyberattacks launched against the Albanian government in mid-July. We assess that the attack was launched by an Iranian state-sponsored actor. Full report: microsoft.com/security/blog/…
Microsoft DART retweeted
Microsoft has been tracking Iranian actor PHOSPHORUS’ ransomware sub-group known as DEV-0270, aka Nemesis Kitten. The group is responsible for multiple attacks typically using high-severity vulnerabilities to gain access. TTPs and more in our latest blog: microsoft.com/security/blog/…
Call for Consulting Security Services intern applications for Summer 2023. Are you ready to explore an exciting career in #cybersecurity? Come as you are, do what you love—start your journey with us today! careers.microsoft.com/studen…
We are inviting soon to be graduating university students to apply for our #fulltime #jobopportunities at the #MicrosoftAspireExperience University Track at DART under the Security Services Line. Apply here: careers.microsoft.com/studen…
Successful fall/winter 2022 graduate applicants will have a start date in August 2023.
Microsoft DART retweeted
Microsoft has discovered a post-compromise capability we’re calling MagicWeb, which the threat actor tracked as NOBELIUM is using to maintain persistent access to environments they have compromised. In-depth technical analysis and hunting guidance here: msft.it/6016jeB4i
Microsoft DART retweeted
Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. More details and TTPs in this MSTIC blog: msft.it/6018jVwFO