In my experience, people – due to a lack of knowledge or plain laziness (and I am one of them) sometimes mix-up terms like Events, Alerts, Alarms and Incidents in their conversations. In addition, different tools have different terms for the objects they are displaying in their GUIs. With this article, we will go through all those entities in Sentinel and take a deep dive into their correlations.
Read more
With Microsoft 365 Defender, we not only know that a phishing link was received but also that the user clicked on it – however, what we do not know is: if the user provided his credentials to the shady site he clicked on. How do we handle such alerts?
Read more
To help users to make better decisions, when to type a password / on which sites, I have created a very simple chrome extension (that also works on edge): PINKTHUMB – only type in your password when its pink!
Read more
Gundog provides you powershell based guided hunting for Microsoft 365 Defender.
Read more
It should be clear that -effectively- a user has the same permissions as the object it has control of – but sometimes things are new or complex or both and then the simplest rules vaporize in our heads. This is where it gets dangerous …
Read more
The big list of modern cloud identity protection.
Read more
In this article, I give you an example of how malware is hiding through packer techniques to prevent getting caught on your systems. For that, I have recorded a small ‘adventure’ for you that I took last night.
Read more
I bet many company and consumer users out there can be hacked from remote with only a couple lines of JavaScript. In this post I use two lines to start arbitrary programs. You will be surprised how easy this is.
Read more
In this post, I am digging deep into hidden possibilities with MDATP Live Response.
Read more
PimMeNow is a small PowerShell GUI Tool that handles Azure AD Privileged Identity Management (PIM) connects to multiple tenants.
Read more
emptydc.com 