Microsoft Defender for Endpoint custom auditing alerts

As mentioned in one of my previous posts about the new auditing logs introduced in Microsoft Defender for Endpoint, I validated and tested several new custom detections that could add great value to your current detections. Custom detection to Sentinel: I’m a big fan of using the power and flexibility of Sentinel. The current rules […]

Teams Nation 2024: Phishing attack using Microsoft Teams

Cyber threats are always evolving. In the past couple of months, there has been a large increase in phishing messages sent using Microsoft Teams. Louis and Thijs work in a Security Operations Center and handle these types of attacks daily. During this session we will cover the following: – Some real-world examples of an attack – […]

Impersonation protected user upload script

Impersonation is when the sender of an email message looks similar to a real or expected sender’s email address. Attackers often use impersonated sender email addresses in phishing or other types of attacks to gain the trust of the recipient. User impersonation: Contains subtle differences in the email alias. For example, louiis@gmail.com impersonates louis@gmail.com. Anti-phishing Microsoft […]

To expire a password or not to expire?

Let’s discuss one of my more “unpopular” opinions. Microsoft states in its documentation the following: Password expiration requirements do more harm than good because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on […]