Tagged: Microsoft Sentinel
This post is updated constantly with queries from the field for Microsoft 365 Defender. Some of the queries are standard and others are advanced. Additionally, I break each query down into its building blocks, with explanations.
What’s going on inside the box? Is service principal monitoring essential? Judging by the SolarWinds incident, it is. This post shows how to monitor service principals with Microsoft Sentinel...
Managing a comprehensive set of security products and controls can be complicated, requiring a specific skill set and control over the security process. On top of managing that complexity comes tracking where the simulation activities, alerts, and results...
How do you investigate an Active Directory environment? Are you also analyzing the metadata, or just investigating the event log on each DC? If you investigate only the event logs, in some cases it’s...
Roses are red, violets are blue, and if you think your RDP is secure, I’ve got some ransomware for you. There has been a tremendous increase in cybercriminals attempting attacks by exploiting remote login credentials over...
An attacker is like a lover: he teases until he finds the right moment to act on your network. The same behavior applies to PowerShell attacks. The following post focuses on PowerShell obfuscation...
Recently there have been massive cyberattacks against cloud providers and on-premises environments, the most recent being HAFNIUM’s exploitation of vulnerabilities in on-premises Exchange servers. This post focuses on Microsoft...
Are your Intune users configured as local administrators? Do you have additional admin users on Intune devices? In most cases, Intune users can be local administrators, and it’s a feature without any...