@Cyb3rMonk @merill That is a process but you will get there.
First have a CA in audit mode, remove findings 1 by 1 and get it in block mode.
The only case left for me is the kubernetes case but it can be resolved.
So now on block mode with some exceptions is better than nothing.
@merill @passtheprt Deploying passkeys and fido2 keys is also all about communication.
I'm rolling out to users but scope your enforcement gradually on apps and personas and devices. So users can get used to it before enforcement WITH insight.
An agreed communication plan works always.
@NathanMcNulty You can have CA as code so 1 of the options is during an incident response deploy a CA that blocks sign-in except PAW predefined workstations. Just to interrupt malicious and/or compromised ID sign-in.
This is an amazing opportunity.
Microsoft is looking for a Security Operations Engineer II, based in Redmond, WA
The role is in the Identity & Access Management (IAM) Protect team that manages Entra tenants for all Microsoft Cloud.
Apply here https://t.co/RX3AGFAgGI
@merill Nice roadmap but also keep in mind we need to be resilient and have alternative plans for when Entra ID is not available due to political instability or internet outage due to sabotage in EU. Not easy to do those exercises.
I guess Microsoft should also know that EU got the US message.
Anyone know if Microsoft Defender for Office 365 actually flags display-name spoofing when the name is RFC 2047-encoded (=?UTF-8?B?…?=)?
Just had one sneak past our P1 policy. Anyone seen consistent detection—or have tuning tips?
@rucam365 @fabian_bader #M365Sec #Phishing
@AndrewZtrhgf @NathanMcNulty This is why we have in the MS guidelines on CA the admin personas. So when in the pin elevation you can have other session control and you can bind it to a privileged access workstation.
I think combining can help against it.
@UK_Daniel_Card Good enough is evolving every day. So it is a continuous effort to get to a level that is acceptable for the business in question and adapted to the risk appetite. Unfortunately it is never "now it is ok" or "good enough".