Recent Blogs
Co-authors - Christoph Dreymann - Shiva P
Introduction
Azure Storage Accounts are frequently targeted by threat actors. Their goal is to exfiltrate sensitive data to an external infrastructure un...
Sep 02, 2025 | 2.5K views | 2 likes | 0 comments
Co-authors - Raae Wolfram | Sam Gardener
Once an attacker has gained access to a system, the browser becomes a rich source of credentials, a platform for persistence, and a stealthy channel for dat...
Aug 25, 2025 | 537 views | 0 likes | 0 comments
Updated August 11, 2025
Microsoft Defender Experts for XDR
Microsoft Defender Experts for XDR is a managed extended detection and response (MXDR) service that triages, investigates, and respo...
Aug 15, 2025 | 528 views | 1 like | 0 comments
Microsoft Defender Experts manages and investigates incidents for some of the world’s largest organizations. We understand the challenges facing our customers and are always looking for ways to respo...
Aug 14, 2025 | 396 views | 1 like | 0 comments
7 MIN READ
Forensic readiness in the cloud
Forensic readiness in the cloud refers to an organization’s ability to collect, preserve, and analyze digital evidence in preparation for security incidents.
Foren...
Aug 11, 2025 | 1.5K views | 4 likes | 1 comment
From memory dumps to filesystem browsing
Historically, threat groups like Lorenz have relied on tools such as Magnet RAM Capture to dump volatile memory for offline analysis. While this approach ca...
Aug 05, 2025 | 723 views | 2 likes | 0 comments
Co-authors: Henry Yan, Sr. Product Marketing Manager and Sylvie Liu, Principal Product Manager
Security Operations Centers (SOCs) are under extreme pressure due to a rapidly evolving threat lan...
Aug 04, 2025 | 2.6K views | 3 likes | 0 comments
5 MIN READ
Co-authors - Ateesh Rajak - Balaji Venkatesh
Overview:
What if an attacker didn’t need malware, phishing kits, or exploits to break into your environment—just a convincing voice and a tool you ...
Jul 18, 2025 | 610 views | 1 like | 0 comments
Co-authors - Christoph Dreymann - Abul Azed - Shiva P.
Introduction
As organizations increase their cloud adoption to accelerate AI readiness, Microsoft Incident Response has observed the ris...
Jul 14, 2025 | 1.9K views | 0 likes | 1 comment
During a cyberattack, speed and coordination can make all the difference. It's not just about technical expertise; it's about having the right people working together when every second matters. Succe...
Jun 16, 2025 | 396 views | 0 likes | 0 comments