The Azure Sentinel community is great. Many people contribute to the Azure Sentinel GitHub site. Rod Trent wrote an article on how to deploy analytic rules from GitHub to your Sentinel instance. This is great, however, the rules are written in YAML and can therefore easily be imported programmatically.
Read more
Gundog provides you powershell based guided hunting for Microsoft 365 Defender.
Read more
It should be clear that -effectively- a user has the same permissions as the object it has control of – but sometimes things are new or complex or both and then the simplest rules vaporize in our heads. This is where it gets dangerous …
Read more
As part of a bigger blog post coming up here soon, I have created a PowerShell script that connects to your FritzBox, reads its event logs, extracts the event time, IP addresses and event messages and sends everything to Azure Sentinel for comfortable hunting and alerting and basically everything else Sentinel offers.
Read more
The big list of modern cloud identity protection.
Read more
Let’s face it: Sometimes you get false positives in Office ATP phishing Emails. Either this is caused by the system or you have scheduled a phishing simulation from a third party provider that cannot be properly whitelisted. I have created a PowerShell script that connects to the Office 365 Management API and grabs all the needed information from the investigations and from the alerts and displays it in ONE Excel table.
Read more
THOR CLOUD is a useful extension for forensic analysis after MDATP threw some alerts. In this post, I take a quick look at it.
Read more
In this article, I give you an example of how malware is hiding through packer techniques to prevent getting caught on your systems. For that, I have recorded a small ‘adventure’ for you that I took last night.
Read more
I bet many company and consumer users out there can be hacked from remote with only a couple lines of JavaScript. In this post I use two lines to start arbitrary programs. You will be surprised how easy this is.
Read more
In this post, I am digging deep into hidden possibilities with MDATP Live Response.
Read more