
Maester

Maester – Swiss army knife for M365 security testing

In today’s digital environment, security and compliance are vital for organizations to protect their assets and meet regulatory standards. While traditional frameworks like CIS Controls offer a solid foundation, they often lack the flexibility and specificity needed for dynamic, modern threats. Maester is an open-source PowerShell-based test automation framework designed to…
Microsoft Defender for Identity

How-to install guide for Microsoft Defender for Identity

In today’s digital landscape, protecting your organization’s identity infrastructure is more critical than ever. Microsoft Defender for Identity is a robust cloud-based security solution designed to safeguard your on-premises Active Directory (AD) environment. By leveraging advanced analytics and real-time monitoring, it detects and responds to identity-based threats such as…
Microsoft Defender for Identity

Maximizing security with Microsoft Defender for Identity

Microsoft Defender for Identity is a robust, cloud-based security solution designed to safeguard your organization’s on-premises Active Directory (AD) and cloud identities. Leveraging signals from both environments, it identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions. Formerly known as Azure Advanced Threat…
Microsoft deprecates NTLM

Microsoft deprecates NTLM and why this is an important step

Microsoft deprecates NTLM (New Technology LAN Manager) and recommends transitioning to Kerberos as the primary authentication protocol. Kerberos is known for its enhanced cryptography and server authentication capabilities compared to NTLM. https://aka.ms/ntlm With the deprecation of NTLM, the method of cracking NTLM hashes from Active Directory will become obsolete.…

SOC Optimization in Microsoft Sentinel

Microsoft Sentinel is a next-generation cloud-native Security Information and Event Management (SIEM) solution, enriched by AI and threat intelligence. It delivers end-to-end protection across the multicloud, multiplatform digital estate. With industry-leading innovations focused on SOC productivity, efficient threat investigations, and cost optimizations,…
Security Exposure Management

Microsoft Security Exposure Management

Microsoft unveiled its Security Exposure Management on March 13, 2024. The solution was developed in response to increasing concerns about various types of exposures, such as software vulnerabilities, misconfigured controls, excessive access privileges, and emerging threats that could lead to the exposure of sensitive data. The conventional method of vulnerability management…

Protecting against QR Code Phishing (Quishing)

As part of our SOC team, we’ve witnessed a significant surge in QR Code Phishing incidents over the past year. In this article, we’ll delve into the fundamentals of QR code phishing and provide actionable steps to safeguard against this growing threat. Notably, both offensive and defensive capabilities have evolved, including powerful tools like Evilginx (read my blogpost…
SPF, DKIM and DMARC

SPF, DKIM and DMARC

As of Feb. 1, 2024, Google has announced that they are going to make some changes to their security guidelines in Gmail regarding email senders. How exactly they are going to implement this is not 100% clear yet, because this policy only applies to companies that send more than 5,000 emails per day to Gmail. But has this come all of a sudden? And how does this affect other senders…

Monitoring admin roles in LogAnalytics

When getting to know your environment, I always want to know who added admin roles to a user account. At least, I like to know who added which user to an admin role. But… In LogAnalytics you’ll find AuditLogs, but what do you need to check? Do I find PIM activations interesting? Probably not. Do I want to see all PIM elevations? Maybe. What I do find…

Manage Microsoft Sentinel with Workspace Manager

Recently I came across a new feature that is kinda welcome as a basic Sentinel user. Normally we automate things through BICEP or DevOps, but now this can be done in an MSSP-based way of working in the portal (together with Lighthouse). The feature is called Workspace Manager and can be found under Settings / Settings in your Sentinel Workspace. You’ll have to keep in…

Must Learn KQL

If you’re into Microsoft Sentinel I can really recommend you buy the book from Rod Trent called “Must Learn KQL”. I recently bought the paperback and it’s a nice book to have in your pocket if you need a Swiss army knife for KQL. KQL is a language that will become more and more important if you’re working with Sentinel and its services. Do not…

New website

For a while, I managed several tech blogs, but due to time constraints, I had to let them go. Now, I’m eager to set one up again, focusing primarily on security. It won’t be your typical website; rather, it’ll incorporate more modern security elements. I’m particularly enthusiastic about the current Microsoft ecosystem, so expect posts covering…