Another day of Cybersecurity
As part of ongoing research and hunting, as well as investigating security incidents, I encounter many cases where there are gaps in security tools, systems do not document and collect logs properly or do not display them as we would … Read the rest
No One Is Immune. AnyDesk was breached, and the problem isn’t the breach itself. It’s the issue with using a remote desktop solution with malicious potential in a sensitive environment. Many investigations I did in the past involved Anydesk as … Read the rest
In the ever-evolving realm of cybersecurity, where threats often lurk unseen, the role of defenders is increasingly becoming proactive. It’s a shift from merely guarding to actively hunting – seeking out the elusive adversaries before they strike.
Enter MDI, which … Read the rest
In the tangled world of cybersecurity, where threats often wear the cloak of invisibility, defenders must become hunters, actively seeking out their elusive adversaries. Within this digital battleground, Microsoft Defender for Identity emerges as a formidable ally, empowering cybersecurity teams … Read the rest
What are the effective ways to identify an adversary in Active Directory infrastructure? There are many ways to identify Active Directory incidents, whether through Event IDs, network traffic, or other logs. The logs are often missing or don’t have accurate … Read the rest
Threat Hunting in the Cloud differs from Legacy Threat Hunting (on-premise). Change my Mind.
This post, among many others in the “Cloud Threat Hunting” series, will take you into the Cloud Threat-Hutning and “little things” you should know. I have … Read the rest
This post is updated constantly with queries from the field about the Microsoft 365 Defender and other security controls (ITDR, CASB, EDR, CSPM, CNAPP, etc.). Some of the queries are standard, and others are more advanced. Additionally, I’m breaking down … Read the rest
