Category Archives: Windows OS

Why are Windows Defender AV logs so important and how to monitor them with Azure Sentinel?

Today we are going to talk about our good old friend, better known as Windows Defender AV. Not to be confused with the EDR solution called "Defender for Endpoint": Windows Defender is the traditional, out-of-the-box antivirus on a Windows machine. In this blog post, we are going to explain why it is relevant to keep an


DFIR – Windows and Active Directory persistence and malicious configurations

I've decided to write this blog post because I'm confident that one day I will use it during an incident response. In this blog post, we will cover different persistence mechanisms that are relevant. That does not mean we will cover every persistence mechanism out there, which would be unrealistic, given that Windows & Active Directory
