Infosec Practitioner
Recently, SentinelOne had a blog post about how Lockbit Ransomware was using Windows Defender to side load Cobalt Strike. Considering that this technique I sat down to write up a query(that is available at my Github here) for a custom detection of this procedure based off the information in the SentinelOne Blog post. Here I…
Recently, I have been wondering why a site such as mail[.]ru(and it’s subdomains) is being blocked by Microsoft Exploit Guard’s Network Protection setting and not Umbrella. Considering that Network Protection does not give an actual block page, and instead a generic access denied page, it seems that the order of things were to blame. I…
Identity is the new perimeter. We keep hearing that, especially from Microsoft. Unfortunately, they have not completely bought into this in their Defender suite of security products. Microsoft Defender security products are nice. They work decently, Gartner likes them, but there is a problem with them. They focus on the device too much as far…