Threat Hunting with MTP: The Sixth Sense
Let’s assume you just learned about this new vulnerability in in VLC. Attackers can exploit it by sending .mkv files to your users via Email. Pretty easy – pretty dangerous.
Read moreJan Geisbauer
Go, hack yourself! – Ignite 2019 Edition
In spring 2019 I have written a post on how you can hack yourself to better understand the Microsoft Tools that help you defend modern attacks. Since then, several month and one MS Ignite have been past, in other words: things have changed.
Read moreMDATP: talking to the User
Sometimes isolating or blocking user actions (like downloads) is too restrictive – instead you just want to warn or ‘educate’ him. At the same time, I don’t know too many ITpros that enjoy talking to their end-users (I think we all should, but this is another story). Today we will look into a flow-automation of Microsoft Defender Advanced Threat Protection (MDATP) alerts.
Read moreWhat does ‘Office ATP Safe Attachments’ actually block?
Whenever I talk to customers about Office ATP Safe Attachments, they immediately ask me, what exactly it does protect us from. I thought it’s time to do some tests and clarify that.
Read moreMicrosoft Defender ATP Streaming API
In the past, we could consume the MDATP API ‘on demand’ (pull) by PowerShell for example.
We could even do advanced hunting queries via the API.
However, pulling the data out of MDATP might bring in some delay in one or the other scenario and the information from the advanced hunting results are limited to the last 30 days.
With the brand new ‘Streaming API’, Microsoft is offering a new approach to make data from MDATP available outside of the portal.
Read morePasswords: with or without you
So, here we go. As announced last Ignite conference in 2018, Microsoft customers can live without passwords now. After phone sign-in and Hello of course, we now have Security Key support, which means you can now sign in to your Windows 10 AAD joined device by the use of those little friends here:
Read moreThe New Unified Identity SecOps Experience
The new Unifed Identity SecOps Experience brings together information from Azure ATP, Microsoft Cloud App Security (MCAS) and Azure AD Identity Protection.
In this blog post, we will look into the new UI and evaluate which value it has. However – as always-, I am trying to add a little ‘spice’ and therefore we will build in some Mimikatz action. Be exicted :-).
Read more