Maester – Swiss army knife for M365 security testing
In today’s digital environment, security and compliance are vital for organizations to protect their assets and meet regulatory standards. While traditional frameworks like CIS Controls offer a solid foundation, they often lack the flexibility and specificity needed for dynamic, modern threats. Maester is an open-source PowerShell-based test automation framework designed to…
How-to install guide for Microsoft Defender for Identity
In today’s digital landscape, protecting your organization’s identity infrastructure is more critical than ever. Microsoft Defender for Identity is a robust cloud-based security solution designed to safeguard your on-premises Active Directory (AD) environment. By leveraging advanced analytics and real-time monitoring, it detects and responds to identity-based threats such as…
Maximizing security with Microsoft Defender for Identity
Microsoft Defender for Identity is a robust, cloud-based security solution designed to safeguard your organization’s on-premises Active Directory (AD) and cloud identities. Leveraging signals from both environments, it identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions. Formerly known as Azure Advanced Threat…
Detecting and mitigating Active Directory compromises
Active Directory (AD) is the backbone of identity and access management for most enterprises, making it a prime target for cyberattacks. As a crucial part of managing permissions, users, and systems within a network, securing Active Directory is essential for cybersecurity. When compromised, AD can give attackers control over the entire network, leading to data theft,…
Microsoft deprecates NTLM and why this is an important step
Microsoft deprecates NTLM (New Technology LAN Manager) and recommends transitioning to Kerberos as the primary authentication protocol. Kerberos offers stronger cryptography and mutual (client and server) authentication, which NTLM lacks. https://aka.ms/ntlm Note that deprecating the protocol does not by itself remove NT hashes from Active Directory: they are still stored in ntds.dit and still serve as the RC4 Kerberos key, so extracting and cracking them only becomes obsolete once RC4 is disabled as well.…
SOC Optimization in Microsoft Sentinel
Microsoft Sentinel is a next-generation cloud-native Security Information and Event Management (SIEM) solution, enriched by AI and threat intelligence. It delivers end-to-end protection across the multicloud, multiplatform digital estate. With industry-leading innovations focused on SOC productivity, efficient threat investigations, and cost optimizations,…
Microsoft Unified Security Operations Platform
In today’s complex threat landscape, security teams face an uphill battle. They grapple with vast amounts of data from various sources, leading to slower threat response, increased learning curves, and fragmented insights. Managing the costs associated with data handling remains a significant challenge. Enter Microsoft’s Unified Security Operations Platform, a…
Microsoft Security Exposure Management
Microsoft unveiled its Security Exposure Management on March 13, 2024. The solution was developed in response to increasing concerns about various types of exposures, such as software vulnerabilities, misconfigured controls, excessive access privileges, and emerging threats that could lead to the exposure of sensitive data. The conventional method of vulnerability management…
Protecting against QR Code Phishing (Quishing)
As part of our SOC team, we’ve witnessed a significant surge in QR Code Phishing incidents over the past year. In this article, we’ll delve into the fundamentals of QR code phishing and provide actionable steps to safeguard against this growing threat. Notably, both offensive and defensive capabilities have evolved, including powerful tools like Evilginx (read my blogpost…
AiTM / MFA phishing attacks with Evilginx3 and Gophish
I’ve been a user of Evilginx for quite a few years. It’s an awesome tool, very impressive in its functionality, and still a valid solution for capturing users and their tokens. All the credit goes to Kuba Gretzky for his impressive work on Evilginx2 and now Evilginx3. That being said, I always find Evilginx great as a one-off solution, but what if you want to…
SPF, DKIM and DMARC
Google announced changes to its Gmail sender guidelines that take effect on Feb. 1, 2024. How exactly they will be enforced is not yet entirely clear, and the stricter requirements apply only to bulk senders (more than 5,000 emails per day to Gmail). But is this all of a sudden? And how does this affect other senders…
Monitoring admin roles in LogAnalytics
When getting to know an environment, I always want to know who added admin roles to a user account. At least, I like to know who added which user to an admin role. But… In Log Analytics you'll find AuditLogs, but what do you need to check? Do I find PIM activations interesting? Probably not. Do I want to see all PIM elevations? Maybe. What I do find…
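The kind of query the article is working towards, as an added example rather than the post's own: it lists permanent and eligible role assignments from the AuditLogs table while leaving out PIM activations (which use a separate operation name). It assumes Microsoft Entra ID audit logs are streamed into the Log Analytics workspace, and that the Role.DisplayName property in modifiedProperties carries the role name, which is what the audit schema documents today.

```kql
// Who added whom to which directory role, from Entra ID audit logs in Log Analytics.
// Assumption: AuditLogs is populated by the Entra ID data connector.
AuditLogs
| where TimeGenerated > ago(7d)
| where Category == "RoleManagement"
// Permanent and PIM-eligible assignments; PIM activations use
// "Add member to role completed (PIM activation)" and are deliberately excluded.
| where OperationName in ("Add member to role", "Add eligible member to role")
| extend InitiatedByUser = tostring(InitiatedBy.user.userPrincipalName)
| extend InitiatedByApp  = tostring(InitiatedBy.app.displayName)
// One TargetResources entry per affected object; keep the user that was added.
| mv-expand TargetResource = TargetResources
| where tostring(TargetResource.type) == "User"
| extend TargetUser = tostring(TargetResource.userPrincipalName)
| extend ModProps = TargetResource.modifiedProperties
// The role name sits in the modifiedProperties array as a JSON-quoted string.
| mv-apply Prop = ModProps on (
    where tostring(Prop.displayName) == "Role.DisplayName"
    | project RoleName = trim('"', tostring(Prop.newValue))
  )
| project TimeGenerated, OperationName, Result, InitiatedByUser, InitiatedByApp, TargetUser, RoleName
| order by TimeGenerated desc
```

Narrow `RoleName` to the roles you care about (Global Administrator, Privileged Role Administrator, and so on) and the query becomes a usable scheduled analytics rule; `InitiatedByApp` is worth keeping, since assignments made through automation show up there rather than under a user.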
Manage Microsoft Sentinel with Workspace Manager
Recently I came across a new feature that is quite welcome for a basic Sentinel user. Normally we automate things through Bicep or DevOps, but now this can be done in an MSSP-based way of working in the portal (together with Lighthouse). The feature is called Workspace Manager and can be found under Settings in your Sentinel workspace. You'll have to keep in…
Must Learn KQL
If you're into Microsoft Sentinel I can really recommend buying the book by Rod Trent called "Must Learn KQL". I recently bought the paperback and it's a nice book to have at hand if you need a Swiss army knife for KQL. KQL is a language that will become more and more important if you're working with Sentinel and its services. Do not…
New website
For a while, I managed several tech blogs, but due to time constraints, I had to let them go. Now, I’m eager to set one up again, focusing primarily on security. It won’t be your typical website; rather, it’ll incorporate more modern security elements. I’m particularly enthusiastic about the current Microsoft ecosystem, so expect posts covering…