
2021-02-25MicrosoftMicrosoft
@comment{Web source (biblatex online type). urldate is the day the URL was last checked; the single-word author parses as one surname.}
@online{microsoft:20210225:codeql:a43a525,
  author       = {Microsoft},
  title        = {{CodeQL queries to hunt for Solorigate activity}},
  date         = {2021-02-25},
  organization = {Microsoft},
  url          = {https://github.com/github/codeql/tree/main/csharp/ql/src/experimental/Security%20Features/campaign},
  urldate      = {2021-02-25},
  language     = {English},
}
SUNBURST
2021-02-25MicrosoftMicrosoft Identity Security Team
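@comment{Corporate author is double-braced so the name parser keeps it as one indivisible surname instead of treating "Team" as the last name and the rest as given names.}
@online{team:20210225:microsoft:bd11fce,
  author       = {{Microsoft Identity Security Team}},
  title        = {{Microsoft open sources CodeQL queries used to hunt for Solorigate activity}},
  date         = {2021-02-25},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/},
  urldate      = {2021-02-25},
  language     = {English},
}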
SUNBURST
2021-02-18MicrosoftMSRC Team
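@comment{Corporate author is double-braced so "MSRC Team" is one surname rather than first name "MSRC", last name "Team".}
@online{team:20210218:microsoft:645b21a,
  author       = {{MSRC Team}},
  title        = {{Microsoft Internal Solorigate Investigation – Final Update}},
  date         = {2021-02-18},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/},
  urldate      = {2021-02-18},
  language     = {English},
}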
2021-02-12InfoSec Handlers Diary BlogXavier Mertens
@comment{Personal author written in the unambiguous "Last, First" form; same parse as the original "First Last".}
@online{mertens:20210212:agenttesla:228400f,
  author       = {Mertens, Xavier},
  title        = {{AgentTesla Dropped Through Automatic Click in Microsoft Help File}},
  date         = {2021-02-12},
  organization = {InfoSec Handlers Diary Blog},
  url          = {https://isc.sans.edu/diary/rss/27092},
  urldate      = {2021-02-18},
  language     = {English},
}
Agent Tesla
2021-02-11MicrosoftDetection and Response Team (DART), Microsoft 365 Defender Research Team
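@comment{Each corporate author is braced individually: the literal "and" inside "Detection and Response Team" would otherwise be read as a name separator, yielding three bogus authors.}
@online{dart:20210211:web:c22c110,
  author       = {{Detection and Response Team (DART)} and {Microsoft 365 Defender Research Team}},
  title        = {{Web shell attacks continue to rise}},
  date         = {2021-02-11},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/},
  urldate      = {2021-02-20},
  language     = {English},
}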
2021-02-09Medium (@alex.birsan)Alex Birsan
@comment{Personal author in "Last, First" form; the organization field carries the Medium handle as in the original.}
@online{birsan:20210209:dependency:44eaf05,
  author       = {Birsan, Alex},
  title        = {{Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies}},
  date         = {2021-02-09},
  organization = {Medium (@alex.birsan)},
  url          = {https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610},
  urldate      = {2021-02-10},
  language     = {English},
}
2021-02-09MicrosoftMSRC Team
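@comment{Corporate author double-braced to keep "MSRC Team" as a single surname. The "(exploited ITW)" marker is an annotation carried in the title field, kept verbatim here.}
@online{team:20210209:windows:85fcea7,
  author       = {{MSRC Team}},
  title        = {{Windows Win32k Elevation of Privilege Vulnerability CVE-2021-1732 (exploited ITW)}},
  date         = {2021-02-09},
  organization = {Microsoft},
  url          = {https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1732},
  urldate      = {2021-02-10},
  language     = {English},
}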
2021-02-09MicrosoftMicrosoft
@comment{PDF white paper, so a report type with institution rather than organization; the single-word author parses as one surname.}
@techreport{microsoft:20210209:3:b3e5b24,
  author      = {Microsoft},
  title       = {{3 Ways to Mitigate Risk When Using Private Package Feeds}},
  date        = {2021-02-09},
  institution = {Microsoft},
  url         = {https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf},
  urldate     = {2021-02-10},
  language    = {English},
}
2021-02-09MicrosoftMSRC Team
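@comment{Corporate author double-braced to keep "MSRC Team" as a single surname; the doubled space after the colon in the title was collapsed.}
@online{team:20210209:multiple:984a407,
  author       = {{MSRC Team}},
  title        = {{Multiple Security Updates Affecting TCP/IP: CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086}},
  date         = {2021-02-09},
  organization = {Microsoft},
  url          = {https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/},
  urldate      = {2021-02-10},
  language     = {English},
}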
2021-02-05Bleeping ComputerSergiu Gatlan
@comment{Personal author in "Last, First" form; news article cited as a web source.}
@online{gatlan:20210205:microsoft:183d590,
  author       = {Gatlan, Sergiu},
  title        = {{Microsoft warns of increasing OAuth Office 365 phishing attacks}},
  date         = {2021-02-05},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/microsoft-warns-of-increasing-oauth-office-365-phishing-attacks/},
  urldate      = {2021-02-06},
  language     = {English},
}
2021-02-02Click All the Things! BlogJamie
@comment{Author is a single handle, so it parses as one surname without extra bracing.}
@online{jamie:20210202:xlsb:d82b047,
  author       = {Jamie},
  title        = {{XLSB: Analyzing a Microsoft Excel Binary Spreadsheet}},
  date         = {2021-02-02},
  organization = {Click All the Things! Blog},
  url          = {https://clickallthethings.wordpress.com/2021/02/02/xlsb-analyzing-a-microsoft-excel-binary-spreadsheet/},
  urldate      = {2021-02-04},
  language     = {English},
}
2021-02-01MicrosoftMicrosoft 365 Defender Threat Intelligence Team
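@comment{Corporate author double-braced so the whole team name is one surname instead of given names plus last name "Team".}
@online{team:20210201:what:2e12897,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{What tracking an attacker email infrastructure tells us about persistent cybercriminal operations}},
  date         = {2021-02-01},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/02/01/what-tracking-an-attacker-email-infrastructure-tells-us-about-persistent-cybercriminal-operations/},
  urldate      = {2021-02-02},
  language     = {English},
}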
Dridex Emotet Makop Ransomware SmokeLoader TrickBot
2021-01-28MicrosoftMicrosoft Threat Intelligence Center (MSTIC), Microsoft 365 Defender Threat Intelligence Team
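@comment{Two corporate authors, each braced individually so neither is split into given/last names; the outer "and" remains the name separator.}
@online{mstic:20210128:zinc:9c8aff4,
  author       = {{Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{ZINC attacks against security researchers}},
  date         = {2021-01-28},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/},
  urldate      = {2021-01-29},
  language     = {English},
}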
ComeBacker Klackring
2021-01-21Medium CSIS TechblogSøren Fritzbøger
@comment{Author in "Last, First" form; the UTF-8 name is kept verbatim, which the biblatex online type (processed by Biber) reads directly. The key keeps its ASCII-stripped form.}
@online{fritzbger:20210121:silencing:5e231f5,
  author       = {Fritzbøger, Søren},
  title        = {{Silencing Microsoft Defender for Endpoint using firewall rules}},
  date         = {2021-01-21},
  organization = {Medium CSIS Techblog},
  url          = {https://medium.com/csis-techblog/silencing-microsoft-defender-for-endpoint-using-firewall-rules-3839a8bf8d18},
  urldate      = {2021-02-06},
  language     = {English},
}
2021-01-20MicrosoftMicrosoft 365 Defender Research Team, Microsoft Threat Intelligence Center (MSTIC), Microsoft Cyber Defense Operations Center (CDOC)
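@comment{Three corporate authors, each braced individually so the parser does not split them into given/last names; only the outer "and" separates names.}
@online{team:20210120:deep:1cc0551,
  author       = {{Microsoft 365 Defender Research Team} and {Microsoft Threat Intelligence Center (MSTIC)} and {Microsoft Cyber Defense Operations Center (CDOC)}},
  title        = {{Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop}},
  date         = {2021-01-20},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/},
  urldate      = {2021-01-21},
  language     = {English},
}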
Cobalt Strike SUNBURST TEARDROP
2021-01-19MalwarebytesMarcin Kleczynski
@comment{Personal author in "Last, First" form; the long two-sentence title is kept exactly as published.}
@online{kleczynski:20210119:malwarebytes:2fe3d7d,
  author       = {Kleczynski, Marcin},
  title        = {{Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments}},
  date         = {2021-01-19},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/},
  urldate      = {2021-01-21},
  language     = {English},
}
2021-01-19FireEyeMike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett
@comment{Blog post version of the UNC2452 hardening guidance; the white-paper PDF of the same work is a separate report entry. Authors in "Last, First" form.}
@online{burns:20210119:remediation:76c7695,
  author       = {Burns, Mike and McWhirt, Matthew and Bienstock, Douglas and Bennett, Nick},
  title        = {{Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452}},
  date         = {2021-01-19},
  organization = {FireEye},
  url          = {https://www.fireeye.com/blog/threat-research/2021/01/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452.html},
  urldate      = {2021-01-21},
  language     = {English},
}
2021-01-19MandiantMike Burns, Matthew McWhirt, Douglas Bienstock, Nick Bennett
@comment{White-paper PDF of the UNC2452 hardening guidance, hence a report type with institution; authors in "Last, First" form.}
@techreport{burns:20210119:remediation:044c1db,
  author      = {Burns, Mike and McWhirt, Matthew and Bienstock, Douglas and Bennett, Nick},
  title       = {{Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 (WHITE PAPER)}},
  date        = {2021-01-19},
  institution = {Mandiant},
  url         = {https://www.fireeye.com/content/dam/fireeye-www/blog/pdfs/wp-m-unc2452-2021-000343-01.pdf},
  urldate     = {2021-01-21},
  language    = {English},
}
2021-01-14MicrosoftMicrosoft 365 Defender Team
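@comment{Corporate author double-braced so "Microsoft 365 Defender Team" is one surname rather than given names plus last name "Team".}
@online{team:20210114:increasing:dc031fe,
  author       = {{Microsoft 365 Defender Team}},
  title        = {{Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender}},
  date         = {2021-01-14},
  organization = {Microsoft},
  url          = {https://www.microsoft.com/security/blog/2021/01/14/increasing-resilience-against-solorigate-and-other-sophisticated-attacks-with-microsoft-defender/},
  urldate      = {2021-01-18},
  language     = {English},
}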
SUNBURST
2021-01-08US-CERTUS-CERT
@comment{Single-token corporate author, parsed as one surname without extra bracing; the alert identifier is kept in the title as published.}
@online{uscert:20210108:alert:874cda9,
  author       = {US-CERT},
  title        = {{Alert (AA21-008A): Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments}},
  date         = {2021-01-08},
  organization = {US-CERT},
  url          = {https://us-cert.cisa.gov/ncas/alerts/aa21-008a},
  urldate      = {2021-01-11},
  language     = {English},
}
SUNBURST SUPERNOVA