As we all know, the cloud paradigm shifts in IT continue. When I worked in corporate IT - heck, when I started blogging out here - on-prem was really all there was. Active Directory, GPOs and WINS were all the ... continue reading

Hello folks, After a discussion with a customer where they were expressing their “displeasure” with the number of alert notifications that the IT department was receiving from environments that were not critical but still in need of monitoring. I started ... continue reading

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn ... continue reading

We are moving to a world where every application needs to be intelligent and adaptive to real-time model learning. As businesses build modern data capabilities, they must make decisions at the speed of human thought. Developers are challenged by this, ... continue reading

“Compliance is all about risk management and lessening risk, and the same is true of Zero Trust.” —Abbas Kudrati What’s risk management and why is it important? Risk management, the process of developing a strategy for addressing risk throughout its ... continue reading

Microsoft security researchers recently observed that web skimming campaigns now employ various obfuscation techniques to deliver and hide skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) ... continue reading

Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!" I’m a Microsoft Senior Customer Engineer with a broad spectrum of interests. Due to recent events multiple customers have questioned their infrastructure security concept and approached me with ... continue reading

Hello ladies and gentlemen, How many times have you found yourself in the need of monitoring a custom KPI? How many times did you need to react to a situation in which a given number of records in a database ... continue reading

The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could ... continue reading

**I do want to state of course I’m an employee of Microsoft but links to any books or courses as part of my learning experience, I am not affiliated with. I don’t have affiliate links I’m just sharing what I ... continue reading