
Active Directory Security Hardening

Detecting and mitigating Active Directory compromises: a comprehensive guide

Active Directory (AD) is the backbone of identity and access management for most enterprises, making it a prime target for cyberattacks. As a crucial part of managing permissions, users, and systems within a network, securing Active Directory is essential for cybersecurity. When compromised, AD can give attackers control over the entire network, leading to data theft,…

Microsoft deprecates NTLM and why this is an important step

Microsoft deprecates NTLM (New Technology LAN Manager) and recommends transitioning to Kerberos as the primary authentication protocol. Kerberos is known for its enhanced cryptography and server authentication capabilities compared to NTLM. https://aka.ms/ntlm With the deprecation of NTLM, the method of cracking NTLM hashes from Active Directory will become obsolete.…

SOC Optimization in Microsoft Sentinel

Microsoft Sentinel is a next-generation cloud-native Security Information and Event Management (SIEM) solution, enriched by AI and threat intelligence. It delivers end-to-end protection across the multicloud, multiplatform digital estate. With industry-leading innovations focused on SOC productivity, efficient threat investigations, and cost optimizations,…

Microsoft Unified Security Operations Platform

In today’s complex threat landscape, security teams face an uphill battle. They grapple with vast amounts of data from various sources, leading to slower threat response, increased learning curves, and fragmented insights. Managing the costs associated with data handling remains a significant challenge. Enter Microsoft’s Unified Security Operations Platform, a…

Microsoft Security Exposure Management

Microsoft unveiled its Security Exposure Management on March 13, 2024. The solution was developed in response to increasing concerns about various types of exposures, such as software vulnerabilities, misconfigured controls, excessive access privileges, and emerging threats that could lead to the exposure of sensitive data. The conventional method of vulnerability management…

Protecting against QR Code Phishing (Quishing)

As part of our SOC team, we’ve witnessed a significant surge in QR Code Phishing incidents over the past year. In this article, we’ll delve into the fundamentals of QR code phishing and provide actionable steps to safeguard against this growing threat. Notably, both offensive and defensive capabilities have evolved, including powerful tools like Evilginx (read my blogpost…

AiTM / MFA phishing attacks with Evilginx3 and Gophish

I’ve been a user of Evilginx for quite a few years. It’s an awesome tool, very impressive in its functionality, and still a valid solution for capturing users and their tokens. All the credit goes to Kuba Gretzky for his impressive work on Evilginx2 and now Evilginx3. That being said, I always find Evilginx great as a one-off solution, but what if you want to…

SPF, DKIM and DMARC

As of Feb. 1, 2024, Google has announced that they are going to make some changes to their security guidelines in Gmail regarding email senders. How exactly they are going to implement this is not 100% clear yet, because this policy only applies to companies that send more than 5,000 emails per day to Gmail. But is this really so sudden? And how does this affect other senders…

Monitoring admin roles in LogAnalytics

When getting to know an environment, I always want to know who added admin roles to a user account. At least, I like to know who added which user to an admin role. But… In LogAnalytics you’ll find AuditLogs, but what do you need to check? Do I find PIM activations interesting? Probably not. Do I want to see all PIM elevations? Maybe. What I do find…

Manage Microsoft Sentinel with Workspace Manager

Recently I came across a new feature that is quite welcome for a basic Sentinel user. Normally we automate things through Bicep or DevOps, but now this can be done in an MSSP-based way of working in the portal (together with Lighthouse). The feature is called Workspace Manager and can be found under Settings / Settings in your Sentinel Workspace. You’ll have to keep in…

Must Learn KQL

If you’re into Microsoft Sentinel I can really recommend you buy the book from Rod Trent called “Must Learn KQL”. I recently bought the paperback and it’s a nice book to have in your pocket if you need a Swiss army knife for KQL. KQL is a language that will become more and more important if you’re working with Sentinel and its services. Do not…

New website

For a while, I managed several tech blogs, but due to time constraints, I had to let them go. Now, I’m eager to set one up again, focusing primarily on security. It won’t be your typical website; rather, it’ll incorporate more modern security elements. I’m particularly enthusiastic about the current Microsoft ecosystem, so expect posts covering…