Just another day of IR, Threat-Hunting & Microsoft Security
Roses Are Red, Violets are Blue, and If you think your RDP is secure, I’ve some ransomware. There’s been a tremendous increase in cybercriminals attempting to perform attacks by exploiting remote login credentials over the...
An attacker is like a lover. He teases until he finds the right moment to act on your network. This behavior is the same for the PowerShell attack.Β The following post focuses on PowerShell obfuscation and...
Are your Intune local users configured as local admin? Do you’ve got additional admin users on Intune devices? In most cases, Intune users could be the Local administrators, and it’s a feature without any disruption,...
Sentinel. Sentry a defender always on the guard who aims to protect and withstand threats, anticipate any attack, assume that it will arrive, and adjust the behavior accordingly. Be present to protect the assets and...
The following post will assist you with the Log4j incident response process based on the familiar tools, mitigate options, and the information from the vendors and community. Introduction On Dec. 9, 2021, a remote code...
The following post will guide creating a short Log4j lab to simulate the recent Log4j vulnerability on your Azure environment – Log4j LAB & Sentinel Detection. Remember, set up this lab in a dedicated environment...
This short blog post will guide how to Hunting Log4j with Microsoft Sentinel. On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was identified as being exploited in the wild....
Do you like cookies? Everyone loves especially attackers and especially cloud-related cookies. If you have got multi-factor authentication (MFA) enabled on your account or are even passwordless in some situations, you can’t be compromised, correct?...
