What are the effective ways to identify an adversary in Active Directory infrastructure? There are many ways to identify Active Directory incidents, whether through Event IDs, network traffic, or other logs. The logs are often missing or don't have accurate …
Threat Hunting in the Cloud differs from Legacy Threat Hunting (on-premise). Change my Mind.
This post, among many others in the "Cloud Threat Hunting" series, will take you into Cloud Threat Hunting and the "little things" you should know. I have …
This post is updated constantly with queries from the field about Microsoft 365 Defender and other security controls (ITDR, CASB, EDR, CSPM, CNAPP, etc.). Some of the queries are standard, and others are more advanced. Additionally, I'm breaking down …
How do you investigate security incidents in Active Directory? Is the investigation only at the Active Directory level, or may it include the endpoint? Is it through an interface or CLI? Adversaries love Active Directory, and as we can see, …
Integrated threat protection from Microsoft will empower your organization's defenders by putting the right tools and intelligence in the hands of the right people. Get insights across your entire environment with Azure Sentinel. Use integrated, automated, extended detection and response …
While working with security incidents, the key is information. Things like important details, logs, data sources, the correlation between all data, and the signals: all of these are valuable when hunting and searching for specific information, for example, …