Block gTLD (.zip)/ FQDN domains with Windows Firewall and Defender for Endpoint
Recently there was some news with new gTLD domains. Google Registry launched eight new top-level domains: .dad, .phd, .prof, .esq, .foo, .zip, .mov, and .nexus. From a security point of view, the .zip and .mov can be dangerous (of course more TLDs are known as malicious targets). Malicious actors…
How works Microsoft Defender Threat Intelligence / Defender TI – and what is the difference between free and paid
Microsoft Defender Threat Intelligence (MDTI), previously known as RiskIQ brings threat Intelligence data together from multiple sources. With Microsoft Defender Threat Intelligence (MDTI), customers will have direct access to real-time data and signals to hunt for threats across their environments….
Block C2 communication with Defender for Endpoint
Human-operated ransomware (HumOR) is growing and needs different layers of protection. Microsoft released some new features to protect against C2 communication. Attackers rely heavily on C2 communications for multiple stages, and blocking these direct connections can disrupt or mitigate attacks…
Microsoft Defender for Cloud– The ultimate blog series (Intro) – P0
Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP). Defender for Cloud contains a large set of features and capabilities; it is based on the following: Introduction blog series This ultimate blog series will contain as much information…
Block “vulnerable/unwanted” applications with Defender for Endpoint and Vulnerability Management
In all environments, reducing the vulnerability surface and getting insights into the vulnerable applications are recommended and important. Microsoft Defender for Endpoint P2 contains the vulnerability management solution for getting visibility based on the installed MDE sensor. Microsoft Defender Vulnerability…
Microsoft Defender SmartScreen – how to use SmartScreen and Phishing protection
Microsoft Defender SmartScreen is available in various Microsoft products and adds an extra/first layer/filter of protection. The core component of Microsoft Defender SmartScreen is protecting against phishing or malware websites/ applications. For Windows 11 more features are available including SmartScreen…
Deploy Microsoft Defender for Endpoint on iOS using Intune/MEM
Microsoft Defender for Endpoint is available for multiple platforms including Windows, macOS, and Linux. For mobile platforms Defender for Endpoint is available for iOS and Android. Multiple methods are available for deploying Defender for Endpoint on iOS devices. This blog…
Microsoft Defender for Endpoint series – Tips and tricks/ common mistakes – Part10
It is time for part 10 of the Microsoft Defender for Endpoint (MDE) series. The final part of the series. Part 10 is focussed on tips and tricks around Defender for Endpoint and some important items scoped on common mistakes…
Microsoft Defender for Endpoint series – Automation via Logic Apps and Sentinel – Part9
It is time for part 9 of the Microsoft Defender for Endpoint (MDE) series. Part 9 is focused on the automation part of Defender for Endpoint with the use of Logic Apps/ Microsoft Sentinel automation. In the previous part, a…
Deploy Sysmon and collect additional data with Sentinel and the AMA agent
System Monitor (Sysmon) is one of the most common add-ons for Windows logging. With Sysmon, you can detect malicious activity by tracking code behavior and network traffic. Sysmon is part of the Sysinternals package and is owned by Microsoft. Sysmon…