Adversaries are increasingly interested in the data and infrastructure that live in cloud environments such as Azure and Microsoft 365. Since Microsoft Entra ID is the most common central identity provider (IdP) for these environments, it is important to identify the paths an attacker can take from a device to the crown jewels that live in these cloud solutions. In this blog post, I want to talk about how adversaries can use Entra ID Joined or Hybrid Joined devices to move laterally to the cloud by abusing Entra ID SSO features, and how they can gain a foothold on these devices in the first place. This blog post is based on a red-teaming scenario I encountered in real life, and it is written from a blue-teaming perspective.
Hosting a blog these days can easily be done at no cost. There are plenty of solutions such as Medium, Weebly, Wix, and others. But for the more technology-minded people like us, who want to go the extra mile, the easiest solution was not the one we went for. We chose to run our blog on Azure Container Apps using the Ghost blogging platform.