Tagged: Microsoft 365 Security
Ransomware attacks are growing and crippling companies, cities, and businesses. Attackers are locking people out of their networks and demanding significant payment to get back in. The reality is that many organizations still pay attackers in...
This paper describes how to manually deploy Microsoft Defender for Endpoint on Ubuntu 20.04 with a few tips, experience from the field, and much more. Microsoft expands its Microsoft Defender for Endpoint ecosystem to match...
This blog post focuses on bypassing Microsoft Defender for Cloud Apps (MDA) App Control. This bypass method is one of four scenarios that allow you to bypass the session proxy. There are a few ways to...
There are two scans within Microsoft Cloud App Security; the first scan is what we call the “at rest scan,” so this one is ongoing and will scan your files from the oldest to the...
Recently I prepared for the Microsoft 365 Security exam, the MS-500: Microsoft 365 Security Administration, which has new content since June 8, 2020. On the one hand, the MS-500 isn’t a new exam, but on...
While working with security incidents, the key is information. Important information, logs, data sources, correlation between all the data, and the signals: all of these are valuable when hunting and searching...
In today’s world, is the classic concept of remote workers and external users still acceptable? As you know, once you’re on the cloud, the perimeter is dead, and each user is a DMZ. So the modern...
When talking about security investigation and forensics, please take the word “prevent” out of the dictionary, because organizations realize that stopping complicated cyber attacks is unrealistic in many situations. Note: this post is an introduction for...