MDATP 💙 THOR
THOR CLOUD is a useful extension for forensic analysis after MDATP threw some alerts. In this post, I take a quick look at it.
Read moreJan Geisbauer
Hide and Seek
In this article, I give you an example of how malware is hiding through packer techniques to prevent getting caught on your systems. For that, I have recorded a small ‘adventure’ for you that I took last night.
Read moreYou can be hacked with two lines of JavaScript
I bet many company and consumer users out there can be hacked from remote with only a couple lines of JavaScript. In this post I use two lines to start arbitrary programs. You will be surprised how easy this is.
Read moreDeep Dive: Forensics via MDATP Live Response
In this post, I am digging deep into hidden possibilities with MDATP Live Response.
Read morePim Me Now !
PimMeNow is a small PowerShell GUI Tool that handles Azure AD Privileged Identity Management (PIM) connects to multiple tenants.
Read moreBlock it.
There have been times, were there was no answer, when the question was raised: “how can I block access to certain internet domains in the modern workplace scenario?” – Those times are over.
Read moreThreat Hunting with MTP: The Sixth Sense
Let’s assume you just learned about this new vulnerability in in VLC. Attackers can exploit it by sending .mkv files to your users via Email. Pretty easy – pretty dangerous.
Read moreGo, hack yourself! – Ignite 2019 Edition
In spring 2019 I have written a post on how you can hack yourself to better understand the Microsoft Tools that help you defend modern attacks. Since then, several month and one MS Ignite have been past, in other words: things have changed.
Read moreMDATP: talking to the User
Sometimes isolating or blocking user actions (like downloads) is too restrictive – instead you just want to warn or ‘educate’ him. At the same time, I don’t know too many ITpros that enjoy talking to their end-users (I think we all should, but this is another story). Today we will look into a flow-automation of Microsoft Defender Advanced Threat Protection (MDATP) alerts.
Read moreWhat does ‘Office ATP Safe Attachments’ actually block?
Whenever I talk to customers about Office ATP Safe Attachments, they immediately ask me, what exactly it does protect us from. I thought it’s time to do some tests and clarify that.
Read more