LATEST BLOGS
Automatic attack disruption in Microsoft Defender XDR and containing users during Human-operated Attacks
Last year Microsoft announced a new feature named Automatic Attack Disruption in Defender XDR (Microsoft 365 Defender). Since October last year, Microsoft has expanded the Automatic attack disruption feature with support for human-operated attacks and the ability of…
Pivot via OAuth applications across tenants and how to protect/detect with Microsoft technology? (Midnight Blizzard)
Recently, threat actors such as Midnight Blizzard have been using OAuth applications in tenants for malicious activity. Actors use compromised user accounts to create or modify OAuth applications in tenants, grant them permissions, and move across test and…
Protect against QR Code phishing with Microsoft Defender products
In the past months there has been a marked increase in QR Code phishing, as attackers use new, creative ways to bypass existing protections. QR Code phishing is commonly used to bypass existing protections and steal or collect tokens, user…
How to use deception in Microsoft Defender for Endpoint/ Defender XDR
Microsoft Defender XDR is expanding its coverage across the full attack chain. With the new Deception capability in Microsoft Defender XDR, it is possible to detect attackers early in the kill chain and disrupt advanced attacks. Deception is a new feature for…
How to protect Microsoft Teams with Microsoft 365 Defender
In the past months Microsoft has released additional protections for Microsoft Teams. The new protection is part of the Defender for Office product and protects against more modern phishing methods delivered via chat messages. In the past years, phishing was mainly…
Common mistakes during Microsoft Defender for Endpoint deployments
Microsoft Defender for Endpoint (MDE) is part of Microsoft 365 Defender and can be deployed via multiple configurations. In my experience with the product, I have deployed, reviewed and evaluated many Defender for Endpoint instances and configured new instances for many…
How to use Automatic Attack Disruption in Microsoft 365 Defender (BEC, AiTM & HumOR)
Last year Microsoft announced a new feature called Automatic attack disruption, which uses correlated insights from the Microsoft 365 ecosystem and powerful AI models to stop sophisticated attack techniques while the attack is in progress. Automatic attack disruption supports the…
How to troubleshoot Live Response in Defender for Endpoint
Live Response is a powerful feature of the Microsoft 365 Defender portal. With Live Response, Security Operations teams can establish a remote session to collect files or forensic evidence and run scripts remotely. With the…
Onboard and configure Defender for Endpoint for non-persistent VDI environments
Microsoft supports multiple onboarding methods for Defender for Endpoint. Non-persistent VDIs are always a challenge, since they work differently from typical endpoints. For Defender for Endpoint, there is a challenge during the onboarding and…
How to use Defender for IoT firmware scanning to check for potential security vulnerabilities and weaknesses
Recently Microsoft announced a new firmware scanning feature in Defender for IoT. With the new Defender for IoT firmware analysis, it is possible to upload firmware images for security analysis and check them for vulnerabilities and weaknesses. Currently, the feature is…