Category: Microsoft Sentinel
One of the key features of Microsoft Sentinel is the ability to ingest data from different sources, such as Azure services, Microsoft 365, third-party solutions, and custom connectors. Logs and Tables can store, query, and...
What’s going on inside the box? Is service principal monitoring essential? Judging by the SolarWinds event, it is necessary monitoring. This post explains how to monitor service principals with Microsoft Sentinel. There...
How do you investigate an Active Directory environment? Are you also analyzing the metadata, or just investigating the event log on each DC? If you investigate only the event logs, in some cases, it’s not...
Roses Are Red, Violets are Blue, and If you think your RDP is secure, I’ve some ransomware. There’s been a tremendous increase in cybercriminals attempting to perform attacks by exploiting remote login credentials over the...
An attacker is like a lover. He teases until he finds the right moment to act on your network. This behavior is the same for the PowerShell attack. The following post focuses on PowerShell obfuscation and...
Recently, there have been massive cyberattacks against cloud providers and on-premises environments, the most recent of which is the attack on and exploitation of vulnerabilities in Exchange servers: HAFNIUM. This post focuses on Microsoft Sentinel...
Are your Intune local users configured as local admins? Do you have additional admin users on Intune devices? In most cases, Intune users could be the local administrators, and it’s a feature without any disruption,...
Sentinel. Sentry. A defender always on guard who aims to protect and withstand threats, anticipate any attack, assume that it will arrive, and adjust behavior accordingly. Be present to protect the assets and...