Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Monitoring your network and gathering massive amounts of data has become easier and easier. Many guides exist on how to gather data, and lots of companies have "enterprise grade" Security Information and Event Management products that can ingest terabytes of data. But what seems to be missing from most environments is the ability to apply context to...

Mon Dec 11, 2017 17:08
When the manual is not enough – runas /netonly, Unexpected Credential Exposure and the Need for Reality Based Holistic Threat Models

One of the things I always advocate for IT Professionals/Defenders is that, rather than letting Penetration Testers and Real Attackers figure out the holes in their systems, they seriously contemplate how they would bypass their own defenses. Your adversaries are more than willing to spend time learning the apps and defenses you have in place and who knows...

Mon Apr 4, 2016 22:28
What should I know about security? The massive list of links post.

I maintain a list of links I call “security stuff every Microsoft customer should know” that I send to every customer I visit. The list ranges from basic things to more in depth security knowledge, and is now available even if I haven’t visited you. You might want to bookmark this page, as it will get updated periodically. My links on security...

Wed Mar 9, 2016 04:16
Monitoring what matters – Windows Event Forwarding for everyone (even if you already have a SIEM.)

Last week at Ignite Australia I presented a session (available here) on something I don't think gets talked about enough – Windows Event Forwarding (WEF). Often when we engage for an Incident Response, we find the customer: Has no centralized logging; Are not monitoring endpoints/member servers (often just DCs); Spam logs with extra data; Are...

Wed Mar 9, 2016 04:16
Tracking Lateral Movement Part One – Special Groups and Specific Service Accounts

Lateral Movement – the moving of an attacker from one compromised host throughout your domain until they find what they are looking for – is something we see just about all attackers doing during compromise. I've talked a lot about the attacker behavior and how to stop it – strong protective controls can serve as powerful detective controls....

Wed Mar 9, 2016 04:16
Local Administrator Password Solution (LAPS) Implementation Hints and Security Nerd Commentary (including mini threat model)

I did a guest post over on the Ask PFE Platforms blog about the Local Administrator Password Solution (LAPS) this week. You can check it out here: http://blogs.technet.com/b/askpfeplat/archive/2015/12/28/local-administrator-password-solution-laps-implementation-hints-and-security-nerd-commentary-including-mini-threat-model.aspx -Jessica @jepayneMSFT

Wed Mar 9, 2016 04:16