DNS Flood Attack. This is a type of Distributed Denial of Service (DDoS) attack where the attacker floods a particular domain’s DNS servers with a vast amount of unwanted traffic. This is often done by using maliciously constructed DNS requests or by flooding the DNS server with requests from a lot of different IP addresses. […]

This post is a summary for Defender for Endpoint security settings management, also known as Unified Settings Management. It will walk through all necessary steps to understand, plan, setup and use the features. Furthermore I will give recommendations for field deployments, tips and more. There are already some good posts on this topic, but I […]

Azure Arc allows certain on-premises resources, typically servers, to be managed from Azure, depending on the configuration mode selected and currently available features. While this allows for a more integrated approach to hybrid environments, it also further blurs the administrative boundary between on-premises and cloud. This increases the risk that a vulnerability on either side […]

Automating incident response queries is one of the quick wins you can implement in Microsoft Sentinel. This allows you to automate incident enrichment and further investigations. The first blog of the Sentinel Automation Series will explain how you can quickly implement this in your environment. This is done based on automation rules and Playbooks (Logic […]

With more than 800,000 organizations depending on Microsoft Entra to navigate the constantly evolving identity and network access threat landscape, the need for increased transparency regarding product updates — particularly changes you may need to take action on — is critical. Thrilled to announce the public preview of What’s New in Microsoft Entra. This new […]

MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser adeptly scans supported logs, such as auth.log for example, extract critical details including SSH logins, user creations, event […]

In recent years, enterprises attack surface has exploded in volume and diversification. Security teams are struggling to keep pace with the technological advancements and changes occurring daily. New technologies, emerging work trends (such as remote work and distributed teams), expansion of the supply chain, cloud adoption, and more have led to an exponential growth in […]

The best way help SOC analyst to hunting phishing and able to delete a specific email from all mailboxes in Microsoft 365 is with PowerShell. Sending a warning message to users, advising them not to click on the message and to delete it, is an option. However, it’s often the case that users overlook or […]

After setting up DKIM in Microsoft Defender for Office 365, it is also important to set up frequent rotation of these DKIM keys to prevent adversaries from intercepting and decrypting your cryptographic keys. Key rotation helps to minimize the risk of compromising the private keys. In Microsoft 365, you can rotate DKIM keys for your […]

We all know that any user in Microsoft Entra ID can read the users’ details and directory information using Entra ID portal, PowerShell, and Graph API Explorer. Although restricted from making changes, non-admins can still explore user information, group details, device details, etc. This poses a big security issue as hackers always exploit the least […]

This repository is an effort to provide ready-made detection and hunting queries (and more) in order to help analysts and threat hunters harness the power of KQL in Microsoft Sentinel and Microsoft Defender XDR.

The Traffic Light Protocol (TLP) is a system for classifying sensitive information created in the early 2000s by the UK Government’s National Infrastructure Security Co-ordination Centre, in order to encourage greater sharing of sensitive information. It is also being championed in the US by the Cybersecurity and Infrastructure Security Agency (CISA).

Microsoft Sentinel lets you import threat indicators, enhancing your security analysts’ ability to detect and prioritize known threats. You can stream threat indicators to Microsoft Sentinel using one of the integrated Threat Intelligence Platform (TIP) products, connect to TAXII servers, or directly integrate with the Microsoft Graph Security Indicators API.

Plan for insider risk management Insider Risk Management Roles Role Description Microsoft Entra ID Global Administrator – Has full control over all Microsoft Entra and Microsoft Purview features, including Insider Risk Management.

The Microsoft Zero Trust Adoption Framework now includes a tracker for implementers (Excel).