I recommend reading this thread as it gives some great insight and stories into incidents. #DFIR
Also, the current top comment on there is freaking incredible!
https://t.co/Rw8FEj0VZ1
Implementing ASR rules using Defender telemetry is not so difficult as it was in the past. But it takes time... Interesting article https://t.co/7GP2YUcvwR
Tiered Administration is among the strongest security controls that exist.
But the vast majority of organizations do not use it.
Here is how you can get started using Tiered Administration TODAY in your #Azure environments: 🧵
@Haus3c Excellent work for Azure users ATT&CK is quite high level and the fact that they want to be vendor neutral doesn't help when discussion comes to details of the platform
Today I'm happy to announce my newest and most ambitious project - the Azure Threat Research Matrix (ATRM). A similar look to MITRE ATT&CK Enterprise, but the ATRM will cover AzureAD and Azure resource TTPs. Official blog post: https://t.co/zbdHcyKIxH (1/2)
I suppose that blocking ISO in Windows helps https://t.co/EYpRVuztYl Delivery of .lnk in similar archives like rar, zip is very old technique. EDRs should alert if not block such behavior.Does #MicrosoftDefender /MicrosoftSentinel Prevent/Detect this? @MSFTSecurity@MsftSecIntel
91 DaysToGo – If you use an MDM/MAM solution, use it to deploy new profiles. Here’s how to use Intune to set the auth mechanism for iPhone and iPad. If you don’t have an MDM, simply remove and re-add the account from the device and it should automatically switch to Modern Auth.
Why Zero Trust architecture will disrupt the cybersecurity industry, the same way Netflix disrupted Blockbuster https://t.co/XnWN2C8fgw Each organization needs to find its own way to 0trust and certainly there is NO a magic product to buy and forget the cybersecurity issues
MUST for Azure MFA: 1) For user awareness edit the the company branding page to write an awareness message 2)use number matching in multifactor authentication (MFA) notifications https://t.co/ar7wSsEot7
Today, the @EU_Commission made a proposal for a Regulation on cybersecurity at the EU institutions, bodies and agencies. The objectives: 1) Increase the level of cybersecurity at these organisations; 2) Reinforce the mandate and funding of @CERTEU
💻🔐🤝
https://t.co/viwLaCuWiy
So, anybody care to share their favorite resources on #SOC metrics? I am doing a post related to this and wanted to drop a list of everybody's fave links on measuring SOC performance (yes, including mine too) #request
PetitPotam is another example of the world outside processes, powershell, dlls. Almost 5yrs have been recommending to monitor ADCS logs, specifically Channel: Security EventID: 4887. Detections like this aren’t as clear cut, but just as useful & cover entire other attack paths.