
To AAD Join or Not … That is the Question

As we all know, the cloud paradigm shifts in IT continue. When I worked in corporate IT - heck, when I started blogging out here - on-prem was really all there was. Active Directory, GPOs and WINS were all the ... continue reading
Dynamically route alerts to the right team.

Hello folks! After a discussion with a customer, who was expressing "displeasure" with the number of alert notifications the IT department was receiving from environments that were not critical but still needed monitoring, I started ... continue reading
Figure: a Microsoft Defender for Identity alert titled "Suspicious Kerberos delegation attempt by a newly created computer", with the subtitle "Administrator on evilcomputer5 used a ticket to delegate access to ATTACKER". An administrator icon on the left points to an attacker icon on the right with the label "delegated a ticket with access to". The evidence section lists: "resource based constrained delegation is configured on the resource with the Administrator as allowed to delegate", "evilcomputer5 was created on May 19 2022 at 8:45 PM", and "this alert is associated with the KrbRelayUp exploitation".

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn ... continue reading
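The alert shown above pivots on two facts a defender can check directly in Active Directory: a computer object has resource-based constrained delegation (RBCD) configured, and that object was created very recently. The following PowerShell is an added example for this index entry, not code from the linked post or from the KrbRelayUp project; it assumes the RSAT ActiveDirectory module and read access to the domain, and the 30-day window is an arbitrary threshold. It also reports the domain's ms-DS-MachineAccountQuota, since a non-zero quota is what lets an unprivileged user create the "newly created computer" in the first place.

```powershell
# Added example (not from the original post): find computer accounts that have
# RBCD configured and flag those created recently, the two signals behind the
# "Suspicious Kerberos delegation attempt by a newly created computer" alert.
# Assumes: RSAT ActiveDirectory module, read access to the domain.
param(
    [int]$MaxAgeDays = 30   # arbitrary "newly created" threshold (assumption)
)
Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-$MaxAgeDays)

# Hardening check: any non-zero quota lets ordinary users add machine accounts.
$domainDn = (Get-ADDomain).DistinguishedName
$quota = (Get-ADObject -Identity $domainDn -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
Write-Host "ms-DS-MachineAccountQuota = $quota (0 is the recommended value)"

# msDS-AllowedToActOnBehalfOfOtherIdentity is a security descriptor whose Allow
# ACEs name the principals permitted to delegate to this resource.
$computers = Get-ADComputer -Filter 'msDS-AllowedToActOnBehalfOfOtherIdentity -like "*"' `
    -Properties msDS-AllowedToActOnBehalfOfOtherIdentity, whenCreated

$results = foreach ($c in $computers) {
    $sd = $c.'msDS-AllowedToActOnBehalfOfOtherIdentity'
    $allowed = $sd.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value }

    [pscustomobject]@{
        Computer          = $c.Name
        Created           = $c.whenCreated
        NewlyCreated      = ($c.whenCreated -gt $cutoff)
        AllowedToDelegate = ($allowed -join ', ')
    }
}

# Recently created resources with RBCD set are the ones worth a closer look.
$results | Sort-Object NewlyCreated, Created -Descending | Format-Table -AutoSize
```

Run it from a domain-joined administration host; rows with NewlyCreated set to True deserve a review of who created the account and why the listed principals are allowed to delegate to it. Setting ms-DS-MachineAccountQuota to 0 removes the cheapest way for a low-privilege user to obtain a computer account to abuse.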
Microsoft Build 2022

Introducing the Microsoft Intelligent Data Platform

We are moving to a world where every application needs to be intelligent and adaptive to real-time model learning. As businesses build modern data capabilities, they must make decisions at the speed of human thought. Developers are challenged by this, ... continue reading
Phases of risk management listed as identification, assessment, response, and monitoring and reporting.

How to improve risk management using Zero Trust architecture

“Compliance is all about risk management and lessening risk, and the same is true of Zero Trust.” —Abbas Kudrati What’s risk management and why is it important? Risk management, the process of developing a strategy for addressing risk throughout its ... continue reading
Attack chain diagram with icons and arrows depicting a typical web skimming attack.

Beneath the surface: Uncovering the shift in web skimming

Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) ... continue reading
ConfigMgr Infrastructure Example

Semi-Automate ConfigMgr Firewall Settings

Hi, Jonas here! Or, as we say in the north of Germany: "Moin Moin!" I'm a Microsoft Senior Customer Engineer with a broad spectrum of interests. Due to recent events, multiple customers have questioned their infrastructure security concept and approached me with ... continue reading
Azure Monitor: Expanding the Out-of-the-Box observability for your IT infrastructure

Hello ladies and gentlemen. How many times have you found yourself needing to monitor a custom KPI? How many times did you need to react to a situation in which a given number of records in a database ... continue reading
A histogram that presents the number of attacks observed from January 2019 to April 2021, to show prevalence. This chart is originally from the MITRE Sightings Ecosystem project.

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could ... continue reading
Getting to know Azure Arc

I do want to state, of course, that I'm an employee of Microsoft, but I am not affiliated with any of the books or courses I link to as part of my learning experience. I don't have affiliate links; I'm just sharing what I ... continue reading