Pink Thumb 2023
Pink Thumb 2023
– displays a pink thumb on pages you consider save
– warns on untrusted websites that contain a password field
– has a secret defender for endpoint feature
Read moreTag Archives: Security
Jumphost Security
Let’s go quickly through an example in which an attacker has code execution on a Windows 10 box and opens a proxy channel to an attacker machine. The attacker then uses ‘proxychains’ which ingests all network output from defined tools on the attacker machine into the proxy tunnel to the Windows 10 box.
With that, we will be able to start an RDP session on the attacker machine, proxy it through the Win10 machine to the local Domain Controller.
The result of that is a Domain Controller that only sees an RDP connection coming from the Win10 box and no MSTSC process on this Win10 box. Please, read the last sentence again. This makes the detection of the attacker steps harder
Read moreWindows Credential Dumping
If you are interested in windows protection and detection techniques and how they behave under the various attacks on Windows credentials, this article is for you.
Read moreMDE Hunting 101
People that start working with Defender for Endpoint (MDE) often ask the question “where should I start when I see an alert in MDE?”. There is lot of valuable information available in the portal to help judge if an alert is a real incident or a false positive. Additionally, you can query the raw telemetry via KQL. But there is still lot of room for interpretation. So, what should you do to get started? And what is even more important: how do I keep the overview?
Read moreHide and Seek
In this article, I give you an example of how malware is hiding through packer techniques to prevent getting caught on your systems. For that, I have recorded a small ‘adventure’ for you that I took last night.
Read moreAI, Protect Me!
Azure AD Identity Protection (IP) recently got a refresh (in preview). We will have a look into some of the enhancements.
Read moreChristmas Special: Peace between Security and Usability (by the example of Multifactor Authentication in Azure AD)
One of the biggest problems of our times in IT is to pacify the long-lasting war between security and usability. We all know this picture here below that shows precisely human behavior: people will accept security, when its easy enough. Otherwise they will find their own way around security
Read more100% Cloud will never happen!
I like the idea of starting a brand-new blog site by the name of “Empty Datacenter – 100% Cloud” and then writing the first article, indicating that this will never happen.
But this is exactly what happens during the ‘cloud familiarization period’. The WHAT? Exactly.
Read more
emptydc.com 