Investigating HVNC Attacks
HVNC Attacks allow attackers to work comfortably on their victims’ machines. Let’s investigate such attacks.
People who start working with Defender for Endpoint (MDE) often ask the question “where should I start when I see an alert in MDE?”. There is a lot of valuable information available in the portal to help judge whether an alert is a real incident or a false positive. Additionally, you can query the raw telemetry via KQL. But there is still a lot of room for interpretation. So, what should you do to get started? And what is even more important: how do I keep the overview?
Gundog provides you with PowerShell-based guided hunting for Microsoft 365 Defender.
The big list of modern cloud identity protection.
Let’s assume you just learned about this new vulnerability in VLC. Attackers can exploit it by sending .mkv files to your users via email. Pretty easy – pretty dangerous.
In spring 2019 I wrote a post on how you can hack yourself to better understand the Microsoft tools that help you defend against modern attacks. Since then, several months and one MS Ignite have passed; in other words: things have changed.