Category: Microsoft Defender for Office
Fear of configuring the outbound anti-spam policy [with KQL]
What is the outbound spam policy? Exchange Online Protection allows us to define an outbound spam policy. In many environments I encounter, the outbound spam policy is often left at its default settings. This means that any email address can potentially send unlimited emails externally and internally (restricted to 0 an hour), and might also […]
Teams Nation 2024: Phishing attack using Microsoft Teams
Cyber threats are always evolving. In the past couple of months, there has been a large increase in phishing messages sent using Microsoft Teams. Louis and Thijs work in a Security Operations Center and handle these types of attacks daily. During this session we will cover the following: – Some real-world examples of an attack – […]
Impersonation protected user upload script
Impersonation is when the sender of an email message looks similar to a real or expected sender’s email address. Attackers often use impersonated sender email addresses in phishing or other types of attacks to gain the trust of the recipient. User impersonation: Contains subtle differences in the email alias. For example, louiis@gmail.com impersonates louis@gmail.com. Anti-phishing Microsoft […]
Cloud Tech Tallinn 2024
Speaker session about incident response using Microsoft Defender at Cloud Technology Townhall Tallinn (cloudtechtallinn.com)
🔒 Exciting Insights from the Belgian Microsoft Cloud & Security Community Event! 🔍
Had an incredible time at the recent Belgian Microsoft Cloud & Security Community Event, and I’m thrilled to share highlights from the event in my latest video! 🌐 Organizer Spotlight: Michael Van Horenbeeck Michael provided invaluable insights into what makes the community thrive and the incredible impact it has on fostering collaboration in the Microsoft […]
Come Get IT podcast
On 25 May, my colleague Thijs Lecomte and I were guests at Come Get IT. Sander Bruijs & Martijn Verheij, hosts of the podcast, invited us after hearing our talk about Incident Response using Microsoft Technology. You can listen to the podcast via this link with timestamp 43:48: CGIT Extra – Experts Live! 2023 – Come […]
Vlaanderen.be your SPF is a phishing problem!
A massive phishing campaign is targeting vlaanderen.be, impersonating their domain. It is common for phishing campaigns to impersonate government domains. However, during my investigation, I observed that the attackers were sending phishing emails from an IP address that was listed in the SPF record of vlaanderen.be. This video showcases the steps taken during the investigation […]
Insider Threat: Malicious admin reading your emails!
Email privacy is a very sensitive subject. Permissions to inboxes are heavily managed and it’s a very bad idea to give yourself as an IT Admin permissions to a mailbox of an end-user. There are multiple options to get access to the content of a mailbox, but some are more stealthy than others. In this […]