IT-Pirate – Page 2 – Ahoy Sailor! Welcome Aboard!

Azure ATP: Golden Ticket Attack – Understanding Kerberos

Captain / 24. August 2018 / 0 Comments / Azure, MDI, Security

Pirate,

many enterprise IT departments these days are afraid of golden ticket or pass the ticket attacks -which is good because privilege escalation and privileged account exploitation are at the center of cyber attacks as we see them. Attackers crash through the network perimeter, hijack credentials and use them to move laterally throughout the network, taking additional credentials and escalating privileges along the way to accomplish their goals. In this blog series we will have a look at kerberos golden ticket and silver ticket attacks. I’ll try my best to explain how it works and how Azure ATP / Advanced Threat Analytics can help to detect.

Microsoft Cybersecurity Reference Architecture

Captain / 17. August 2018 / 0 Comments / Security

Pirate,

in June 2018, Mark Simos who works as Lead Architect, Enterprise Cybersecurity Group at Microsoft published the updated “Cybersecurity Reference Architecture”. I find this a very valuable collection of architectural information as it often gives a good impression of the big picture approach. As there is a webcast coming up, where Mark is going to explain the design and how you as a architect or systems engineer can use this reference architecture, I decided to wrap that information up in a blogpost.

Windows Defender ATP: Sticky Keys binary hijack detected

Captain / 16. August 2018 / 1 Comment / MDE, Security

Pirate,

we recently had a customer that was affected by a sticky keys attack. That made my team and myself dig deeper in how you can prevent these kind of attacks. The best way to protect is easier than you might expect…

Attack Simulator for Office 365 Threat Intelligence – Password Spray Attack

Captain / 14. August 2018 / 0 Comments / Office365, Security

Pirate,

the third attack simulation method is a password spray attack. In a password-spray attack, a hacker tests a single password against multiple user accounts at an organization. The method often involves weak passwords, such as Winter2018 or Password123!, and can be an effective hacking technique against organizations that are using single sign-on (SSO) and federated authentication protocols, but that haven’t deployed multi factor authentication.

Attack Simulator for Office 365 Threat Intelligence – Brute Force Password Attack

Captain / 13. August 2018 / 0 Comments / Office365, Security

Pirate,

A Brute Force Attack is the simplest method to gain access to a site or server. It is an automated, trial-and-error method of generating multiple password guesses from a dictionary file against a user’s password. Automated software is used to generate a large number of consecutive guesses as to the value of the desired data. An attack of this nature can be time- and resource-consuming. Hence the name “brute force attack;” success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.

Attack Simulator for Office 365 Threat Intelligence – Spear Phishing Attack

Captain / 24. April 2018 / 0 Comments / Office365, SecurityTagged: AttackSimulator, Office365, Security

Pirate,

in the first part we had a look into attack simulator and the included scenarios. We discussed which scenario does what in detail and what you need to set up as a preparation. In this blog post we will check out the spear phishing attack that is meant to harvest credentials. Spear phishing is a very common e-mail spoofing attack scenario that targets a specific individual or organization with the goal to get access to sensitive information. Furthermore I have seen this attack method with the intend to install malware on a targeted user’s computer.

Attack Simulator for Office 365 Threat Intelligence – Overview and Preparation

Captain / 23. April 2018 / 0 Comments / Office365, SecurityTagged: AttackSimulator, MFA, Office365

Pirate,

Email spam is once again the most popular choice for sending out malware. Spam has been one of the main infection vectors for decades. During the past few years, it’s gained more popularity against other vectors, as systems are getting more secure against software exploits and vulnerabilities. A recent report of F-Secure reports that spam email click rates have gone up from the 13.4% recorded in the second half of 2017 to 14.2% recorded in the first half of the year. To protect against these attack vectors is nearly impossible as a majority of attacks leads to web pages never seen before and due to the the sheer infinite range of these attack vectors. The only thing that really improves our security level is permanent education of our users.

On ‎02-21-2018 Microsoft has announced the Public Preview of Attack Simulator for Office 365 Threat Intelligence. In preparation of some customer workshops I had a first look into the product that I want to share with you.

Windows Defender ATP: Tenant creation – Part 1

Captain / 30. January 2018 / 0 Comments / MDE, Microsoft 365 Defender

Pirate,

within the last year, we have focused on Windows Defender ATP and ran through several PoCs. I’ve prepared several scenarios for you, where I will guide you trough WDATP from the tenant creation to high end scenarios. In this first post, we will go through the tenant creation process itself.

Windows 10 AppLocker Policies still affect after disabling the service

Captain / 14. January 2018 / 10 Comments / Microsoft 365 Defender

Pirate,

from time to time I consult customers in the configuration of Windows 10 AppLocker. I really love AppLocker because it’s super simple, reliable and enterprise ready in terms of administrative overhead. Furthermore it’s the recommended tool for the configuration of unwanted / not needed apps within Windows 10. But sometimes AppLocker kind of “breaks” my Windows 10 start menu and stops Apps from strarting up. Although the AppLocker enforcement is disabled.

The People’s History of ConfigMgr – Happy 25th Birthday ConfigMgr

Captain / 3. December 2017 / 0 Comments / Community, ConfigMgr

Pirate,

I’m super happy to be part of the “The People’s History of ConfigMgr”. It’s the second half of the “ConfigMgr @ 25” documentary series, and this story is told solely by the ConfigMgr community. For the first time on camera and on the record, a wide variety of ConfigMgr fellows talk openly as they reflect on their good (and terrible) experiences, how it changed the way they work, and what ConfigMgr has meant to their careers — and the industry.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Home

Pirate,