Windows

Detecting Windows Persistence

Persistence is effectively the ability of the attacker to maintain access to a compromised host through intermittent network access, system reboots, and (to a certain degree) remediation activities. The ability of an attacker to compromise a system or network and successfully carry out their objectives typically relies on their ability to maintain some sort of persistence on the target system/network.

Monitor your Windows containers with Datadog

As cloud providers and infrastructure technologies grow their support for Windows containers, developers who use the Windows ecosystem are more and more able to enjoy the benefits of containerization. It’s quicker and easier than ever to modernize and deploy applications that use Windows-specific frameworks like .NET. Plus, Windows developers can use orchestration services like Kubernetes, Amazon ECS, or Docker Swarm to manage the complexity that containerized environments introduce.

Common pitfall of addressing registry entries in 64-bit operating system

Accessing the Windows registry (local or remote) is a typical way of gathering useful data. However, there’s a common pitfall that can cause unexpected script or program behavior: accessing registry values across different architectures (say, 64-bit entries from 32-bit applications).

macOS vs. Windows - What kernels tell you about security events: Part 2

This post continues the two-part blog series on understanding the differences between macOS and Windows at the system level for effective endpoint security analysis. In Part 1, we covered process events. Here in Part 2, we’ll discuss file and network events. As with Part 1, my hope is to help cybersecurity professionals expand and enrich their experience on a less familiar platform, ultimately helping them to be better prepared to face differences from past experiences.

macOS vs. Windows - What kernels tell you about security events: Part 1

How would you compare the Windows and macOS operating systems? In what ways are they similar? Why do they each take different approaches to solving the same problem? For the last 19 years I've developed security software for Windows. Recently, I’ve started implementing similar features on macOS. Since then, people have asked me questions like this. The more experience I gained on these two operating systems, the more I realized they’re very different.

Chaos Engineering and Windows: Mitigating common Windows failure scenarios

Microsoft Windows is a popular operating system for many enterprise applications, such as Microsoft SQL Server clusters and Microsoft Exchange Servers. About 30% of the world’s web application hosting systems are running Windows, making it an important part of every enterprise’s plans to prevent outages and enhance reliability.