Category: Microsoft Sentinel
You know the drill. A major alert lands, and within minutes, your screen is drowning in browser tabs, multiple consoles, stale queries that return nothing useful, and half-written notes scattered across random text files named something like “incident-final-09.txt.” That kind … Read the rest
PowerShell is a critical tool in any security team's and IT admin's arsenal, offering powerful scripting capabilities for automating tasks across both on-premises and cloud environments. However, its flexibility makes it an attractive target for attackers seeking to run malicious … Read the rest
Azure DevOps provides a comprehensive suite of tools for developers to manage the software development lifecycle and incorporate security practices into their development processes.
Azure DevOps Auditing gives administrators and security teams a central record of who changed what in an organization, and when, … Read the rest
One of the key features of Microsoft Sentinel is the ability to ingest data from different sources, such as Azure services, Microsoft 365, third-party solutions, and custom connectors. Logs and tables are where this data is stored, queried, and visualized in the … Read the rest
What's going on inside the box? Is service principal monitoring essential? Judging by the SolarWinds incident, where abused service principals and application credentials were part of the attack chain, it is. This post shows how to monitor service principals with Microsoft Sentinel.
There are a few ways to … Read the rest
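As an added example (not code from the original post), the kind of Sentinel analytic query such monitoring starts from: it surfaces new credentials added to service principals in the Azure AD audit log. It assumes the Azure Active Directory connector is populating the AuditLogs table; the OperationName values are the ones Azure AD writes for credential changes, but verify them against your own tenant's logs before relying on the filter.

```kql
// Added example: flag new or changed credentials on service principals.
// Assumes AuditLogs is ingested via the Azure Active Directory data connector.
AuditLogs
| where TimeGenerated > ago(1d)
| where Category == "ApplicationManagement"
| where OperationName in (
    "Add service principal credentials",
    "Update application – Certificates and secrets management")
// InitiatedBy and TargetResources are dynamic; pull out the actor and the target
| extend Initiator     = tostring(InitiatedBy.user.userPrincipalName),
         InitiatingApp = tostring(InitiatedBy.app.displayName),
         TargetSP      = tostring(TargetResources[0].displayName),
         TargetId      = tostring(TargetResources[0].id)
// An empty Initiator with a non-empty InitiatingApp means an app, not a person, did it
| extend Actor = iff(isempty(Initiator), strcat("app:", InitiatingApp), Initiator)
| project TimeGenerated, OperationName, Result, Actor, TargetSP, TargetId, CorrelationId
| order by TimeGenerated desc
```

Run it as a scheduled analytic rule and map Actor to the Account entity and TargetSP to the Application entity so that credential additions by an unexpected actor, or outside change windows, land in incidents rather than only in a hunting query.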
How do you investigate an Active Directory environment? Are you also analyzing the metadata, or just investigating the event log on each DC? If you investigate only the event logs, in some cases that is not good enough, and you should … Read the rest
Roses Are Red, Violets are Blue, and If you think your RDP is secure, I’ve some ransomware.
There’s been a tremendous increase in cybercriminals attempting to perform attacks by exploiting remote login credentials over the last year. Many employees continue … Read the rest
An attacker is like a lover. He teases until he finds the right moment to act on your network. The same holds for PowerShell attacks. The following post focuses on PowerShell obfuscation and how to monitor it with … Read the rest