I’ve written about security products previously, laying out the framing that security products combine sensors and throttles with threat intelligence to provide protection against threats. As…| text/plain
Before starting, let's understand a few steps of threat investigation and the attackers' mindset. Whenever an attacker breaches a system or tries to, all logs are generated as Events and Incidents, which can be fetched into SIEM tools like MS Sentinel, QRadar. These behaviours can be summarised into TTPs, viz. Tactics: the high-level description of the behaviour and strategy of a threat actor. It means how they behave across the different stages of the cyberattack kill chain. Usually these stages inclu...| hugs4bugs
Since the first days of the web, users and administrators have sought to control the flow of information from the Internet to the local device. There are many different ways to implement internet f…| text/plain
The vast majority of cyberthreats arrive via one of two related sources: That means that by combining network-level sensors and throttles with threat intelligence (about attacker sites), security s…| text/plain
Let's have a quick look at how you can start Intune security baseline Microsoft Defender policy troubleshooting. In the previous blog post, I have already| How to Manage Devices Community Blog Modern Device Management Guides
The epic documentary becomes the epix exhibit! Here’s what happened.| The History of How We Play
Our great Canada Road Trip in Gimli the Land Rover Defender. Follow along as we drive Coast to Coast, with a few breakdowns along the way.| Where IS The World
Everything you need to know about our Land Rover Defender 110 Camper| Where IS The World
A new employee gets a call from the “IT department”, who is actually a malicious actor. They get a TeamViewer connection and launch a Merlin C2 agent. I’ll see through the logs the processes it runs, where Defender catches it, and how it tries to mess with forensics by constantly changing the system time.| 0xdf hacks stuff