Category: Microsoft Defender

Honeypot: The Last Reconnaissance

After reading this fantastic article on the TechNet Community about the Attack Kill Chain, I realized I still needed to get this blog out. This blog will be about how you could set up some simple honeypot detections by creating canary accounts, to make sure you are protected against insider threats. I am going to divide this blog into multiple parts: 1. Introduction, 2. Honeypot document, 3. Creating the document, 4. Logging with alert policies, 5. Logging with MCAS policies, 6. Results. 1. Introduction Making…


This is Network Protection: The sort of Sequel to Exploit Protection

This blog will be the 8th part in the Endpoint Security series and will be about Windows Defender Exploit Guard Network Protection (WDEG-NP). I will divide this blog into 6 parts: Information about Network Protection and the requirements; Configure Microsoft Defender Network Protection (SmartScreen) for Edge; Configure Microsoft SmartScreen for Explorer; Configure Microsoft SmartScreen for Internet Explorer. NO! Just block IE!; Logging / Testing; Conclusion. 1. Information about Network Protection Microsoft Defender Exploit Guard Network Protection (MDEG-NP) extends the malware and…


A walk among the Credential Guards

This blog is the ninth part of the Endpoint Security series. It will be about implementing Credential Guard and some insights. While writing the blog I added some more important stuff. I will divide this blog into multiple parts: Information about Credential Guard and his/her “predecessor”; Credential Guard vs Device Guard vs ASR Rules; Enable Credential Guard with Intune Endpoint Security; Enable Credential Guard with a CSP; Enable Credential Guard with PowerShell; What is Remote Credential Guard; The Problem; Results when Credential Guard should be working; Testing Credential Guard with Mimikatz; Disabling Credential Guard; Conclusion. 1. Information…


The Exploit Protection Between us

This blog is the fifth part of the Endpoint Security series and will be about Microsoft Defender Exploit Protection. Just like always, I need to divide this blog into multiple parts, so we can get a good understanding of what Exploit Protection is and how it works or doesn’t work: Information about Exploit Protection; First Look at Exploit Protection; Deploy it with a Security Baseline?; Configure EP in Intune; Checking the configuration; Event Logging; Testing it!; Removing EP!; Conclusion. 1. …
