Ars Technica

windows 2012 r2 dns-server audit log event id 520

Having an issue today. It seems like DNS records for various workstations are disappearing from DNS. On the DNS server, I'm seeing DNS 520 events. It looks like the host itself is sending dynamic ...
Bleeping Computer

Critical SIGred Windows DNS bug gets micropatch after PoCs released

The critical remote code execution security vulnerability in Windows DNS known as SIGRed has received a micropatch for servers without an Extended Security Updates (ESU) license. SIGRed can be ...
Bleeping Computer

Sysmon Getting DNS Query Logging with Querying Process Name

To the delight of Windows system administrators everywhere, Microsoft has announced that a new version of Sysmon is coming out this week that will include the ability to log DNS queries performed on a ...
MCPmag

Using PowerShell To Parse and Understand Windows Server DHCP Logs

Have you ever scrolled through the Windows Server DHCP logs in the Notepad app while trying to troubleshoot something? Then you know that it's a tedious task. There are many alternatives to Notepad ...
TechSpot

Microsoft's 'Zero Trust DNS' could finally rid Windows of widespread DNS vulnerabilities

The big picture: The domain name lookup process is one of the most significant holes in network security. Despite being crucial for translating human-friendly web addresses into IP numbers that ...
CSOonline

How to optimize Windows event logging to better investigate attacks

The default event logging in Windows 10 won't give you enough information to properly conduct intrusion forensics. These settings and tools will help you collect the needed log data. After a ...
Dark Reading

SIGRed: What You Should Know About the Windows DNS Server Bug

Last week Microsoft patched SIGRed, a critical and wormable vulnerability in the Windows DNS Server that affects Windows Server versions 2013 to 2019. CVE-2020-1350, which has a CVSS base score of ...