Select Page

How Do I Discover Changes to an AD Group’s Membership

Q: Is there an easy way to detect and changes to important the membership of AD Groups? A: Easy using PowerShell 7, WMI, and the CIM Cmdlets. WMI Windows Management Instrumentation (WMI) is an important component of the Windows operating ... continue reading
™

Surface expands its Secured-core portfolio with the new Surface Laptop 4 powered by AMD Ryzen™ Mobile Processors

As operating systems are becoming more secure and resistant to compromise, advanced vectors like firmware, kernel and hardware direct memory access (DMA) have emerged as new favored targets for threat actors. Recent trends indicate a substantial growth in the number ... continue reading

Is a User A Local Administrator?

Q: Some of the things we do in our logon scripts require the user to be a local administrator. How can the script tell if the user is a local administrator or not, using PowerShell 7. A: Easy using PowerShell ... continue reading
MEM Home

Attack Surface Reduction Rules – Warn Mode with MEM/M365 Defender

Introduction This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In a previous blog back in July, 2020, I walked through a demo of setting up an Attack ... continue reading
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence

Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed ... continue reading

Configuration Manager Current Branch Antivirus Exclusions

Hey everybody! My name is Brandon McMillan and I am a Microsoft Endpoint Configuration Manager (ConfigMgr) CE at Microsoft. ConfigMgr Current Branch has been the standard service-based model since December 2015 with the release of version 1511. You may have ... continue reading

New Surface PCs enable virtualization-based security (VBS) by default to empower customers to do more, securely

VBS and HVCI-enabled devices help protect from advanced attacks Escalation of privilege attacks are a malicious actor’s best friend, and they often target sensitive information stored in memory. These kinds of attacks can turn a minor user mode compromise into ... continue reading
AppGuard Policies

Microsoft Defender Application Guard for Office

  Introduction   This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In this blog I will focus on a future release of Microsoft Defender Application Guard for Office available in limited preview for Windows 10 20H2. Windows 10 20H2 is now available for commercial customers to ... continue reading
Microsoft Endpoint Manager: Create & Audit an ASR Policy

Microsoft Endpoint Manager: Create & Audit an ASR Policy

IntroductionThis is John Barbare and I am a Sr Premier Field Engineer at Microsoft focusing on all things in the Cybersecurity space. In this tutorial I will walk you through the steps of creating an Attack Surface Reduction (ASR) rule ... continue reading
Diagram showing X64 stage 1 address translation from virtual address to guest physical address

Introducing Kernel Data Protection, a new platform security technology for preventing data corruption

Attackers, confronted by security technologies that prevent memory corruption, like Code Integrity (CI) and Control Flow Guard (CFG), are expectedly shifting their techniques towards data corruption. Attackers use data corruption techniques to target system security policy, escalate privileges, tamper with ... continue reading