by Alex Verboon
Last December Microsoft introduced Microsoft Threat Protection (MTP) including advanced hunting that allows us to run queries across multiple data sources i.e. Microsoft Defender ATP and Office 365 ATP. If you haven’t heard yet about MTP I recommend reading Christian Read More …
On December 16th Joey announced the availability of the PowerShell 7.0 release candidate. Time to look at the configuration options. Since I’m interested in the aspects of managing these settings within an enterprise environment, I closely followed the discussions on Read More …
Since Microsoft introduced WSL (Windows Subsystem for Linux) I’ve been playing with it occasionally, in the beginning however some of the tools I wanted to use like nmap and hping3 would not work due to issues with networking in WSL Read More …
Hey there, to be honest I had some difficulties to find the right title for todays blog post, so if you are still wondering here’s what this is all about. I had a customer asking me “how can we see Read More …
G’day everyone. Today I was working on a Microsoft Security Configuration baseline implementation and while browsing through the Sysvol folder I got the impression that there are less GPO objects stored within AD compared to the number of GPO content Read More …
Update 11 January 2020 – Microsoft has updated the Advanced Hunting Schema, so ComputerName is now DeviceName in the queries. Just recently Microsoft announced that the Defender ATP advanced hunting schema was extended with the following tables: DeviceTvmSoftwareInventoryVulnerabilities DeviceTvmSoftwareVulnerabilitiesKB DeviceTvmSecureConfigurationAssessment Read More …
In the previous post I provided an overview of the history of Windows Defender and an overview of the various features that have the name Windows Defender in them. When then looked at Windows Defender SmartScreen and Windows Defender Cloud Read More …
Note: I have updated the kql queries below, but the screenshots itself still refer to the previous (old) schema names If you’re among those administrators that use Microsoft Defender Advanced Threat Protection, here’s a handy tip how to find out Read More …
Due to my professional activity as a Cyber Security Consultant, I regularly speak with customers about Windows Defender and find that many are not fully aware of all the features and capabilities that Windows Defender offers. Also, when reviewing existing Read More …
Okay there’s this rule , if you do something manually for the third time, it’s about time to think of automating it. Here’s a script that I created to create Group Policy Objects and import the security baseline settings. The Read More …