Submitted by Josh on Tue, 12/13/2016 - 05:13
I'll be presenting a brand new session titled "Hunting Webshells on Microsoft Exchange Server" at the 2017 SANS Threat Hunting and Incident Response Summit in New Orleans on April 18th and 19th!
My session abstract:
"Microsoft Exchange Servers are a high value target, making investigation of them during Incident Response vital, but where do you start? What should you look for? Backdoor implants in the form of webshells hiding in OWA are on the rise. Find out how to hunt webshells and differentiate between legitimate use and attacker activity, using default logging available on every Exchange Server, through real world examples. It’s easier than you might think, and these techniques can help up your DFIR game in environments containing Exchange Servers!"
Submitted by Josh on Fri, 04/01/2016 - 10:38
Ever since last month's announcement that Microsoft SQL Server will be coming to Linux, quiet rumors have been floating around that some of Microsoft's other Enterprise Products, such as Exchange Server, may follow suit. With this week's announcement at the Build conference about the popular Linux shell "BASH" coming to Windows, I decided it was time to see what the Exchange team has planned for Linux, if anything. Today I caught up with a member of the Exchange team that wishes to remain anonymous to get the inside scoop on Exchange 2016 SP1 and support for installing it on Linux!
Submitted by Josh on Tue, 01/05/2016 - 09:24
I've always had two passions throughout my IT career, Messaging, and Security. I tend to change my focus from one to the other every few years. For the past couple years as a Premier Field Engineer, I was fortunate enough to be able to leverage both of my passions, however Messaging was my primary focus. Yesterday was my first day back to work in 2016. It was also the start of a new role for me at Microsoft. I am now a Cybersecurity Architect, and with that my primary focus changes to Security once again. This means you'll probably see a little more Security focused content on my blog from now on.
Submitted by Josh on Thu, 10/01/2015 - 11:09
Submitted by Josh on Fri, 09/18/2015 - 17:24
This week I was helping a customer figure out why their Windows 8.1 with Outlook 2013 clients couldn't connect to Exchange 2010 over Outlook Anywhere with Smartcard Authentication, but their Windows 7 with Outlook 2010 clients could. After a couple days of looking at network traces on firewalls, Process Explorer, and Process Monitor on several clients, we finally figured it out. Keep reading for more details on symptoms, cause, and resolution.
Outlook Profile creation either fails after a single PIN prompt with a message stating that encrypted communication with the Exchange Server could not be established, or profile creation never progresses past the first stage with repeated PIN prompts.
Submitted by Josh on Thu, 04/30/2015 - 17:27
Here are some times/places you can find me during the Microsoft Ignite conference next week.
Sunday May 3rd
3-4 PM - #BeerIT - I'm hoping to make this pre-conference party, but the time conflicts with a meeting I have. Hopefully I'll be able to make it for at least part of it.
6-9 PM - Exchange and Sharepoint Pre-Release Program Pre-Event - This one is invite only, if you have an invite, I'll see you there!
Monday May 4th
6-8 PM Welcome Reception/Ask the Experts in the Expo Hall - I'll be hanging out in the Office 365/Exchange area wearing one of the "EXPERT" Orange shirts.
After Hours - TBD
Tuesday May 5th
Submitted by Josh on Wed, 04/01/2015 - 08:27
A month in advance of the Ignite Conference, an anonymous source within the Exchange Product Group tells us Exchange 2016 is being built on, and will run entirely inside of, Minecraft. Check out my exlusive interview below!
FixTheExchange: Why Minecraft?!
Submitted by Josh on Tue, 03/31/2015 - 21:34
If you haven't already heard, I'll be delivering a session at the Microsoft Ignite conference at the McCormick Place in Chicago Illinois May 4-8. My session is called "Shut the Front Door! Securing your Messaging Environment". (Session code BRK3109)
UPDATED! TIME CHANGE! (Updated again, for some reason the strikethrough text isn't working, removed some text to avoid confusion)
The date and time of my session have been officially announced, it will be Wednesday May 6th from 10:45AM to 12:00 PM. You can find more details here. Also be sure to check out my promo video on YouTube.
Submitted by Josh on Tue, 03/17/2015 - 11:26
Submitted by Josh on Wed, 12/10/2014 - 14:20