Windows Credential Dumping
If you are interested in windows protection and detection techniques and how they behave under the various attacks on Windows credentials, this article is for you.
Read moreCategory Archives: Main Articles
MDE Hunting 101
People that start working with Defender for Endpoint (MDE) often ask the question “where should I start when I see an alert in MDE?”. There is lot of valuable information available in the portal to help judge if an alert is a real incident or a false positive. Additionally, you can query the raw telemetry via KQL. But there is still lot of room for interpretation. So, what should you do to get started? And what is even more important: how do I keep the overview?
Read moreGundog 2
Version 2 of Gundog to hunt in Microsoft 365 Defender via PowerShell is now available. This article describes the new features.
Read moreAzure Sentinel Internals: Incidents
In my experience, people – due to a lack of knowledge or plain laziness (and I am one of them) sometimes mix-up terms like Events, Alerts, Alarms and Incidents in their conversations. In addition, different tools have different terms for the objects they are displaying in their GUIs. With this article, we will go through all those entities in Sentinel and take a deep dive into their correlations.
Read morehunting phish
With Microsoft 365 Defender, we not only know that a phishing link was received but also that the user clicked on it – however, what we do not know is: if the user provided his credentials to the shady site he clicked on. How do we handle such alerts?
Read morePink Thumb
To help users to make better decisions, when to type a password / on which sites, I have created a very simple chrome extension (that also works on edge): PINKTHUMB – only type in your password when its pink!
Read moregundog
Gundog provides you powershell based guided hunting for Microsoft 365 Defender.
Read moreprivilege escalation in Azure AD
It should be clear that -effectively- a user has the same permissions as the object it has control of – but sometimes things are new or complex or both and then the simplest rules vaporize in our heads. This is where it gets dangerous …
Read moreThoughts on identity
The big list of modern cloud identity protection.
Read moreHide and Seek
In this article, I give you an example of how malware is hiding through packer techniques to prevent getting caught on your systems. For that, I have recorded a small ‘adventure’ for you that I took last night.
Read more
emptydc.com 