Today we are going to talk about our good old friend or better known as Windows Defender AV. Not to confuse with the EDR solution that’s called ”Defender for Endpoint”. Windows Defender is the traditional out of the box antivirus for a Windows machine. In this blog post, we are going to explain why it is relevant to keep an
Read moreI often get messages from folks who ask me questions around deploying Sysmon on their endpoints, and how to push those logs to an Azure Sentinel workspace. Since I’ve received these kind of messages a couple of times. I thought it would be a great idea to blog about it. This would help me to remember the steps as well,
Read moreIn my previous blog post, I’ve blogged about collecting logs in Azure AD and how we could use the exported logs to analyze it. Today, I want to focus on reviewing relevant data to perform further investigation, in a compromised environment. An successful investigation requires understanding of adversaries their behaviors. It is a balance between understanding how they operate, so
Read moreToday, I’m going to start my incident response series. Where I will focus on Azure Active Directory and Office 365. What are the steps, that we have to take when doing an IR engagement in a Cloud environment? Incident Response is a broad topic and it’s hard to cover every specific detail, so I’ve decided to split it into a
Read more
Microsoft 365 Security 