Important changes to HybridBrothers.com

Important changes to HybridBrothers.com

As a valued member of our community, we would like to inform you that we are migrating our HybridBrothers.com blogging website to a new framework. More specifically, we are moving away from our current Ghost framework to Hugo. While the Ghost blogging platform works great, we decided to move away from it due to the hosting complexity it introduces.
2 min read
Migration New Website
Transition from Microsoft Sentinel to Defender XDR - Practical challenges

Transition from Microsoft Sentinel to Defender XDR - Practical challenges

Microsoft announced on the 1st of July 2025 that the Microsoft Sentinel Azure Portal UI will be deprecated at the 1st of July 2026, and all requests will be redirected to the Security Portal instead. This means that all Microsoft Sentinel customers have 1 year time to transition to the Unified experience between Microsoft Sentinel and Defender XDR.
12 min read
Defender XDR Microsoft Sentinel Security Portal Migration
Detecting non-privileged Windows Hello abuse

Detecting non-privileged Windows Hello abuse

I recently followed a live session of Dirk-Jan Mollema and Ceri Coburn on how Windows Hello for Business can be abused as a non-privileged user. I was very intrigued by the concept of the attack they demonstrated, which is why a spend a couple of days thinking of ways how we can counter this attack with detective controls as blue teamers.
20 min read
Windows Hello Detection Engineering WDAC MDE
MDE Device Discovery - Improving the monitored network page

MDE Device Discovery - Improving the monitored network page

This blogpost is probably the first of a series that I will create in the coming months on Device Discovery. I regularly see organizations buy a specific tool to create an asset inventory list of what lives in their networks, while this is something we can actually do with Microsoft technology
7 min read
MDE Device Discovery Asset Management Network Monitoring
Correlating Defender for Endpoint and Global Secure Access Logs

Correlating Defender for Endpoint and Global Secure Access Logs

If you are working with Microsoft security solutions, you might have heard of the new kid on the block called Microsoft Global Secure Access. Being a blue teamer myself, I asked myself how we can use this new Secure Service Edge solution - and specifically the Internet Access logs - to make our detections better.
6 min read
MDE GSA Global Secure Access Kusto
Device isolation and containment strategies

Device isolation and containment strategies

How can you effectively isolate a device in your network, and be sure a threat will not perform lateral movement?
14 min read
MDE Containment Defender XDR Network isolation
Entra ID Private Access with private integrated storage accounts

Entra ID Private Access with private integrated storage accounts

In the past couple of weeks, I worked on a project where I needed to provide access to a securely private integrated Azure Storage Account via the Entra ID Private access profile. During this project I encountered a very interesting bug, that made me better understand the insights of how Global Secure Access works.
6 min read
Global Secure Access Azure Private Access Troubleshooting
Cyber back to school: Microsoft Token Theft Unveiled

Cyber back to school: Microsoft Token Theft Unveiled

I am thrilled to participate in the Cyber Back to School initiative hosted during cyber awareness month! This session is all about Primary Refresh Token VS Access Token stealing in Microsoft Entra ID, and will show the practical countermeasures for each of them. I preferred to write a blog post for this instead of a PowerPoint deck since there are a lot of technical details and references I want to cover.
17 min read
Entra ID Cyber back to school Tokens AiTM
Client Credentials - Client Certificate

Client Credentials - Client Certificate

The process is quite similar to the client secret flow described here, so be sure to take a look! The challenge here lies in generating a JWT (JSON Web Token) based on a certificate. I will provide a detailed explanation of how the JWT is generated and exchanged for an access token below.
5 min read
Authentication Security