I’ve decided to write this blog post to have a better understanding of Azure Virtual Machines. This blog post was more meant for myself. It covers basic stuff around Azure VM administration and some security stuff. There will be more similar blog post around Microsoft Azure topics. Azure Virtual Machine An Azure virtual machine is a computer resource that is
Read moreService Principals are identities used by created applications, services, and automation tools to access specific resources. It only needs to do specific things, which can be controlled by assigning the required API permissions. The majority of organizations that work a lot with Azure AD, have service principals as well. Every time when an application has been registered. It will automatically
Read moreToday I would like to share my experience with doing Cloud forensics in Azure AD. I’ve been working for over a year with Azure Active Directory, and have primary focused on the different security aspects of it. One of my main focus has been doing Cloud forensics, which I will tell more about. I was always interested in understanding, where
Read moreIn this blog post, we are going to explain how to exfiltrate data over (S)FTP. This blog post is mainly for educational purposes. During this blog post, we will cover everything in steps, which will help the readers being able to simulate this attack by themselves. The goal of this blog post is to demonstrate how relative easy it is
Read moreDuring the past year, we have seen ransomware gangs using public tools to exfiltrate data by copying it to an array of a Cloud storage provider. In November 2020, SentinelOne discovered, that adversaries were using such techniques to transfer data from a victim’s machine to a Cloud storage provider. The blog post of SentinelOne can be found here. Where they
Read moreMicrosoft Detection and Response (DART) team recently shared a PowerShell module, that they are using in their IR engagements, so I thought it would be great to blog about it. I’ve previously blogged about IR in Azure AD, but today I want to extend it further. This blog post includes more details comparing to my previous blog posts, regarding to
Read moreIn my previous blog post, I’ve blogged about collecting logs in Azure AD and how we could use the exported logs to analyze it. Today, I want to focus on reviewing relevant data to perform further investigation, in a compromised environment. An successful investigation requires understanding of adversaries their behaviors. It is a balance between understanding how they operate, so
Read moreToday, I’m going to start my incident response series. Where I will focus on Azure Active Directory and Office 365. What are the steps, that we have to take when doing an IR engagement in a Cloud environment? Incident Response is a broad topic and it’s hard to cover every specific detail, so I’ve decided to split it into a
Read more
Microsoft 365 Security 