Investigating HVNC Attacks
HVNC Attacks allow attackers to work comfortably on their victims’ machines. Let’s investigate such attacks.
In my experience, people, due to a lack of knowledge or plain laziness (and I am one of them), sometimes mix up terms like Events, Alerts, Alarms and Incidents in their conversations. In addition, different tools use different terms for the objects they display in their GUIs. In this article, we will go through all of those entities in Sentinel and take a deep dive into how they relate to each other.
The Azure Sentinel community is great. Many people contribute to the Azure Sentinel GitHub site. Rod Trent wrote an article on how to deploy analytic rules from GitHub to your Sentinel instance. This is great; however, the rules are written in YAML and can therefore easily be imported programmatically.
It should be clear that, effectively, a user has the same permissions as the object it has control of. But sometimes things are new, or complex, or both, and then even the simplest rules vaporize in our heads. This is where it gets dangerous …
As part of a bigger blog post coming up here soon, I have created a PowerShell script that connects to your FritzBox, reads its event logs, extracts the event time, IP addresses and event messages, and sends everything to Azure Sentinel for comfortable hunting, alerting and basically everything else Sentinel offers.
The big list of modern cloud identity protection.