Introduction: I have recently blogged about hunting for techniques used by APT41, which only contains a few techniques. Since I wanted to expand this. I’ve decided to create an emulation plan for Blue Teamers. The reason behind this blog post is mainly due to the fact, that I got inspired by MITRE Engenuity Center forContinue reading “APT41 Emulation Plan”
Introduction Today we are going to cover a few techniques that have been used by APT41. During this blog post, we will use the Advanced Hunting feature in Microsoft Defender ATP to hunt for the described techniques. APT41 is a group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity. ThisContinue reading “Hunting for techniques used by APT41”
Introduction: The majority of organizations are operating in a hybrid state, which means that a lot of organizations still have to deal with their On-Premises Active Directory environment. Active Directory exists for more than a decade, but it hasn’t always been secured properly. Multiple changes are configured everyday, and it’s hard to find out, whichContinue reading “Securing On-Premises AD with Azure Sentinel”
Introduction: I’ve been lately diving into different escalation paths in Azure AD and what I’ve realized is, that it’s possible to take-over a Global Admin account. Once a user is part of a directory role that’s called Privileged Authentication Administrator. This role is described by Microsoft as the following: As Microsoft has documented it soContinue reading “Treat your Privileged Authentication Admins as Global Admins”
Introduction: I’ve been digging into KQL for a quite some time, and I often get the question if I could help someone out with building a KQL query. This has motivated me to release a first edition of KQL Internals, which has received a lot of positive feedback from the community. KQL Internals is aContinue reading “Become a KQL Ninja”
Something went wrong. Please refresh the page and/or try again.