Microsoft Security Insights Podcast Replay: Yong Rhee and Microsoft Defender for Endpoint

Did you miss the live edition of the Microsoft Security Insights podcast on Wednesday evening? Never fear, the replay is here: https://www.twitch.tv/videos/1065493942 There was some fantastic Microsoft Defender for Endpoint knowledge administered by our guest PM, Yong Rhee. If you're an MDE fan, you'll want to catch this one. The biggest takeaway for me was … Continue reading Microsoft Security Insights Podcast Replay: Yong Rhee and Microsoft Defender for Endpoint →

Elephant Poop and MCAS on the Microsoft Security Insights Podcast and Live Twitch Stream

I'm guest-hosting the Microsoft Security Insights podcast for the next couple weeks while is Edward is off galivanting and you know I like to make things extra special when I'm on. This next week, just prior to digging into Microsoft security topics with our guest, Sarahzin Shane - a PM for MCAS, I'll be tasting … Continue reading Elephant Poop and MCAS on the Microsoft Security Insights Podcast and Live Twitch Stream →

Field Notes: Dealing with Phishing

Hackers turn to online scams to steal your personal information, because of this phishing prevention has become critical for every organization. Phishing emails may appear to be legitimate. In today’s world, you will likely be subjected to a phishing attack, meaning you'll need to be aware of the warning signs and know how to handle … Continue reading Field Notes: Dealing with Phishing →

All the Microsoft Ninja Training I Know About

There's been a big rush of new interest in Microsoft security certifications recently. There's some fantastic Learn modules (the SC series) created to help those seeking certifications, but these are great sources of knowledge training by themselves. But a lot of you have shown interest in the "Ninja" training that's been put together by our … Continue reading All the Microsoft Ninja Training I Know About →

Is it Time for an Analyst Assistant for Azure Sentinel?

Just a fun little blog post. Nothing serious here, just wanted to bring some joy into your life. I posted earlier about our new Incident Response Playbooks. These are awesome. And, if more of these are made available consistently, SOCs will have a great resource with which to build policies, procedures, and workflows specific to … Continue reading Is it Time for an Analyst Assistant for Azure Sentinel? →

Incident Response Playbooks are the Guidance You Need

A new section has been developed and released in our Security Best Practices section of the docs platform. With hope that this will be built out further and we'll see additional guidance released, the Incident Response Playbooks section contains the following to start: PhishingPassword sprayApp consent grant Bookmark this page and watch for updates. These … Continue reading Incident Response Playbooks are the Guidance You Need →

How to Use Azure Sentinel to Protect Against the Exchange Zero-day

If you've not heard by now and this is your first time hearing it, there's a 0-day in the wild that has been dubbed "HAFNIUM." HAFNIUM targets the following Exchange server versions: Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 Microsoft Exchange Server 2019 Exchange Online is not affected. The vulnerabilities being exploited are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and … Continue reading How to Use Azure Sentinel to Protect Against the Exchange Zero-day →

Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)”

Issue It's December and time to let your hair down. It could be a time to relax, do some reading or even take time to upskill in a new technology. Perhaps catch up with friends and family. But if you think you can completely relax just remember, your identities on-the-line(Vince Vaughn) are open and exposed … Continue reading Security – “The Best Christmas Gift, Securing your Accounts (‘Tis the season to be hacked on Facebook)” →

MITRE ATT&CK Framework Reference Workbook for Azure Sentinel Updated with Latest Techniques

The MITRE Corporation today has announced some changes in it's tactics techniques, including the sunsetting of the PRE-ATT&ACK component only more recently announced. Per the release page: Retirement of PRE-ATT&CK - This release deprecates and removes the PRE-ATT&CK domain from ATT&CK, replacing its scope with two new Tactics in Enterprise ATT&CK Reconnaissance and Resource Development. … Continue reading MITRE ATT&CK Framework Reference Workbook for Azure Sentinel Updated with Latest Techniques →

Microsoft Endpoint Manager – “Defeating Vulnerability Scans”

The Issue In Operations you may get approached by your Security Team from time to time to help them close new Vulnerabilities that have been identified after a Vulnerability Scan was run. It might look like the below and contain a list of Vulnerabilities that need to be addressed. The Investigation If you are lucky … Continue reading Microsoft Endpoint Manager – “Defeating Vulnerability Scans” →