Blogs

Microsoft Defender ATP Product Integration

Microsoft Defender ATP is a fantastic product on its own and becomes even more impressive when integration between other Microsoft products takes place. This blog post will explain the advantages of integration with Microsoft Defender ATP and how the products complement each other. Microsoft Defender ATP and Microsoft Office 365 ATP Through threat intelligence sharing, […]

Microsoft Office 365 ATP Attack Simulator

Microsoft Office 365 ATP Attack Simulator is used to determine how end users behave in the event of a phishing attack, and checks for weak passwords within your tenant. In one of my previous blog posts, I already mentioned the Attack Simulator, and in this blog post, I will go into the Attack Simulator in […]

Microsoft Office 365 Incident Response using the Portal

A Computer Emergency Response Team (CERT) is a group of information security experts responsible for responding to an organization’s cybersecurity incident. When an event occurs within Office 365, many products can help identify and mitigate the threat, including Microsoft Office 365 Advanced Threat Protection (ATP). Microsoft Office 365 ATP is part of Office 365 E5, […]

Microsoft Azure AD Premium

Every Microsoft 365 tenant contains an Azure AD free edition. The free version includes Core Identity and Access Management, and Business to Business Collaboration. Even though the free edition comes with many features like Multi-Factor Authentication (MFA), Password Protection, Azure AD Connect sync, and Single Sign-On (SSO), Microsoft offers two additional plans called Azure AD Premium P1 and P2. This article will explain […]

Microsoft Office 365 ATP

Every Office 365 tenant, which includes e-mail, is protected by Exchange Online Protection (EOP). EOP is a cloud-based e-mail filtering service that protects against spam and malware. EOP filters inbound and outbound e-mail using rules and policies based on the sender’s reputation, keywords, e-mail address, and sophisticated algorithms. When it comes to phishing, security awareness […]

Microsoft Defender ATP

Gartner named Microsoft as a leader in the endpoint security platform back in 2019. Looking at Microsoft Defender Advanced Threat Protection (ATP) today, the product has evolved even more. Most people may recognize the name Microsoft Defender, but do not know the name ATP. That is because Microsoft Defender ATP is more focussed on the […]

Microsoft PrintDemon vulnerability

PrintDemon (CVE-2020-1048) is a vulnerability that uses the Windows Printer Spooler to escalate privileges, bypass Endpoint Detection & Response (EDR), and gain persistence. The Windows Printer Spooler has a long history of vulnerabilities, including a vulnerability (CVE-2010-2729) used by the well-known malware called Stuxnet in 2010. A printer must be associated with two attributes: A […]

Microsoft PowerShell Unhide

PowerShell supports a command line parameter “WindowStyle” as shown below. The parameter “WindowStyle” sets the window style for that session. Valid values are Normal, Minimized, Maximized, and Hidden. Most malicious PowerShell scripts run PowerShell with the window style “Hidden”. When the process starts with WindowStyle hidden, no PowerShell console is displayed, so it runs unnoticed […]