-
Intro Microsoft recently announced that OAuth applications are now integrated into the attack path experience within Exposure Management. This also means that all the data available in the Attack surface map is also available in advanced hunting in the Exposure Management tables. This triggered me to have a look at the available data and I could…
-
Intro Lately, I’ve been exploring Microsoft Exposure Management, particularly the data available in the Enterprise Exposure Graph. One interesting use case I’ve identified is leveraging this data to quickly gain an overview of all managed identities and their configured permissions in Azure. I also created a technical talk about Microsoft Exposure management capabilities, hopefully my…
-
Intro Encountering a false negative during a customer engagement can be a critical issue. Recently, I faced a similar situation where a particular exploit went undetected. While I won’t delve into the specifics of the exploit, I want to highlight an efficient method to report false negatives promptly for resolution. In my recent experience, the…
-
Lately, I’ve been doing a lot of Defender for Endpoint deployment/configuration troubleshooting, which prompted me to dust off my MDE-Troubleshooter. I noticed it was missing some new and improved configurations, so I decided to update it. What’s new: – Updates with the new supported Attack surface reduction rules – File hash computation check – Run as admin check – …
-
I’m thrilled to share the launch of the new eBook, “Demystifying Microsoft Defender for Servers” by James Agombar 🎉 I had the pleasure of being a technical reviewer for this eBook, and I can confidently say it’s a valuable resource for anyone looking to enhance their knowledge of the product! This comprehensive guide provides a deeper understanding…
-
Intro This blog discusses a challenge I encountered with a client. They reached out for assistance in addressing issues during the deployment of Defender for Endpoint on Windows Server 2012 R2 and Windows Server 2016. Yes, despite being end-of-life (EOL), these operating systems are still in use. If you’re only interested in the solution, skip…
-
Intro I noticed that more and more clients are starting to use a mixed license model for Defender for Servers. Previously, you could only enable Defender for Servers at the subscription level. Microsoft also noticed this, and they made an option available to enable Defender for Servers at the resource level! The ability to enable…
-
Intro This summer, Microsoft published new capabilities and enhancements for Defender for Endpoint on Linux. In my opinion, Defender for Endpoint on Linux is often overlooked, and the new features are a very good improvement to the performance of Defender for Endpoint on Linux, which deserves more exposure. In this blog I…
-
Intro This blog post is inspired by Rudy Ooms, who wrote an excellent write-up about the behind the scenes of the MDE attach v2 process and security configuration on Windows endpoints, which can be found here. A must read if you want a better understanding of how MDE attach v2 works… I was getting…
-
Intro Malicious actors actively search for machines with open management ports, such as RDP or SSH, to exploit. All of your virtual machines are potential targets for these attacks if you have those ports open. Once a VM is compromised, it serves as an entry point for the attackers to target other resources within your…