Using graphs to track down Identity Snowball Attacks with Azure Sentinel

Attackers have been abusing the functionality of Kerberos for a while, and mitigating these kinds of attacks has been a tough challenge. In 2009, Microsoft released a whitepaper called “Heat-Ray”, in which they explained this attack in detail. The Identity Snowball Attack leverages the users logged in to a first compromised machine to

Integrating Defender ATP with Azure Sentinel to detect Pass-The-Hash & Pass-The-Ticket

Defender ATP is Microsoft’s EDR solution, providing multiple security features to mitigate threats on endpoints (e.g. workstations and servers). What’s cool about Defender ATP is that it leverages the power of the cloud, combined with “machine learning” and “user behavior analytics”, to provide all the necessary protection to (connected) endpoints. Defender ATP