Category Archives: M365 Advanced Hunting

How to hunt for LDAP reconnaissance within M365 Defender?

Lightweight Directory Access Protocol (LDAP) is one of the core protocols used for directory services. The primary function of LDAP is to enable folks to find data about users, groups, computers, and much more. It also provides the communication language that applications require to send and receive information from directory services, such as Active Directory. Overall, LDAP is the


Start having visibility in service accounts with Defender for Identity

Defender for Identity is a cloud-based security solution that leverages on-premises Active Directory signals to identify and detect threats. It monitors Domain Controllers by capturing their network traffic and combining it with Windows event logs to analyze data for attacks that might occur on a network. Once the sensor of Defender for Identity has been installed on all the Domain
