Tagged: Microsoft Defender for Identity
What are the effective ways to identify an adversary in Active Directory infrastructure? There are many ways to identify Active Directory incidents, whether through Event IDs, network traffic, or other logs. The logs are often...
Microsoft Defender for Identity Group recently released the Active Directory Certificate Service (ADCS) support and expanded its coverage with a new AD CS sensor! Great milestone. Like other sensor types in Microsoft Defender for Identity,...
Threat Hunting in the Cloud differs from Legacy Threat Hunting (on-premise). Change my Mind. This post, among many others in the “Cloud Threat Hunting” series, will take you into the Cloud Threat-Hunting and “little things”...
How do you investigate security incidents in Active Directory? Is the investigation only at the Active Directory level? Or may it include the endpoint? Is it through an interface or CLI? Adversaries love Active Directory, and...