Uncategorized

Microsoft Sentinel – Kusto queries for Killnet and geo lookup

Yesterday, many Norwegian websites were targeted in a DDoS attack by an activist group called Killnet, as you can read more about here –> Norway hit with cyberattack, temporarily suspending service (yahoo.com). Killnet primarily carries out DDoS attacks, using either flooding with POST or GET operations on layer 7 or TCP SYN flood attacks on layer 4. …

Distributed applications monitoring with Serverless360

One of the things I do miss from the old days with System Center Operations Manager was the ability to create distributed applications, which allowed us to drag together components that were monitored as a service. These could be components like hardware, network components, Windows Servers, TCP probes or HTTP probes, which then were grouped …

Private Endpoints – SNAT – UDR and Azure Firewall

When using PaaS services in a hub-and-spoke architecture, a best-practice approach is to use Private Endpoints for accessing those services. This allows us to ensure that these services are only available internally in the Azure VNET and not publicly available. For instance, in the example below, where we have a private endpoint to a storage …

The curious case of Azure Managed Identity and a compromised virtual machine

Last week I got contacted by a customer who was a bit stressed because someone had tampered with their environment in Azure, and they had no idea who it was or what they had been doing. Before I begin going through the details, it should be noted that in this environment I had little monitoring …

Deployment of Kubernetes, Helm and YAML files using Terraform

One of the great things with Terraform is the wealth of support for different providers and platforms. For instance, you have support for the major cloud providers, SaaS services like Cloudflare, and virtualization layers such as VMware. So, when I’m setting up a Kubernetes environment on a cloud provider such as Azure, I can …

Phishing attacks in Microsoft Teams and external federation

A while back, a customer of ours got targeted with a phishing attack that came through Microsoft Teams. What happened was that the attackers created a new O365 organization and named the users in their tenant after the people working in the IT department in the customer organization. By default, Microsoft Teams has a federation …

Securing Virtual Machine Infrastructure in Microsoft Azure

This is a summary blog post on a presentation that I hosted at the Microsoft Security User Group Norway a few weeks back (you can view the presentation here –> community/MSUGC-securing-virtual-machines-english.pptx at main · msandbu/community (github.com)). There are many security features within Microsoft Azure when it comes to securing virtual infrastructure. 1: Encrypting data and VM …
