bit-ronin.bsky.social
@bit-ronin.bsky.social
Reposted
Red Teamers, I'm starting off my bsky tips with a banger: using pending file change operations in the Registry to rename executables and indirectly disable AV/EDR!

If the EDR has tamper protection, make a junction to the EXE first!

Here's your PowerShell command: pastebin.com/Jikaicm1
AV/EDR Disable via File Rename Operations in the Registry - Pastebin.com
January 23, 2025 at 4:35 PM
Reposted
In this video, I share a PowerShell script to back up CA policies. Protect your configurations—stay safe from accidental changes or cyberattacks!

Take control of your security and stay prepared! 🔒

youtu.be/3zgsyWFhAnM

#EntraID #Microsoft #Security #YouTubeVideo
Entra ID - Export Conditional Access Policies
YouTube video by Julian Rasmussen MVP
youtu.be
February 28, 2025 at 2:38 PM
Reposted
Miss last week's Defender and Sentinel newsletter? Catch up now!

Microsoft SIEM and XDR Weekly Wrap - Issue #21 microsoftdefender.su...

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #DefenderXDR #MicrosoftDefender #MicrosoftThreatIntelligence
January 14, 2025 at 8:00 AM
Reposted
January 10, 2025 at 12:30 PM
Reposted
Entra Private Access: Creating New Connectors Made Easy
Full video: https://buff.ly/40k4S8t
#Microsoft #Azure #EntraID #CloudComputing #NetworkSecurity #TechTutorial #MVPBuzz
January 10, 2025 at 4:00 PM
Reposted
Why should you do this?

You get the option to protect your resources behind the compliant network control by configuring a Conditional Access policy
-> learn.microsoft.com/en-us/entra/...

According to my tests, this policy is really powerful for protecting against replayed tokens.

3/4
Enable Compliant Network Check with Conditional Access - Global Secure Access
Learn how to require known compliant network locations in order to connect to your secured resources with Conditional Access.
learn.microsoft.com
January 10, 2025 at 7:09 PM
Reposted
Global Secure Access and Token Replay - a thread...

Did you know that "Microsoft Entra Internet Access for Microsoft" is included in your Entra ID P1 license?
-> learn.microsoft.com/en-us/entra/...

1/4
What is Global Secure Access? - Global Secure Access
Learn how Microsoft's Security Service Edge (SSE) solution, Global Secure Access, provides network access control and visibility to users and devices inside and outside a traditional office.
learn.microsoft.com
January 10, 2025 at 7:09 PM
Reposted
Cybersecurity for Beginners – a curriculum

🔗 microsoft.github.io/Security-101...

This course is designed to teach you fundamental cyber security concepts to kick-start your security learning. It is vendor agnostic and is divided into small lessons.

#Security #CyberSecurity #MicrosoftSecurity
January 11, 2025 at 4:08 PM
Reposted
ADFS — Living in the Legacy of DRS

ADFS (Active Directory Federation Services) is still widely used despite Microsoft's efforts to move customers to Entra ID. ADFS has an OAuth2 provider under the hood, which is often overlooked in favor of SAML token generation. To set…

#hackernews #microsoft #ml
ADFS — Living in the Legacy of DRS
ADFS (Active Directory Federation Services) is still widely used despite Microsoft's efforts to move customers to Entra ID. ADFS has an OAuth2 provider under the hood, which is often overlooked in favor of SAML token generation. To set up an OAuth2 integration in ADFS, you create an Application Group and configure a client and server. The Client Identifier is used to identify the client configuration, and you need to configure CORS to allow the client to make requests to ADFS. Device Registration Services (DRS) is a feature in ADFS that allows devices to register and authenticate with the service. DRS is often used in Entra ID Hybrid Join scenarios, but it can also be used standalone on-premises. To enable DRS, you need to deploy the prerequisites in Active Directory and configure the Device Authentication method. ADFS has different authentication methods, including Forms Authentication, Windows Authentication, and Device Authentication, which can be enabled or disabled depending on the configuration. The Device Authentication method can be enumerated by making requests to the ADFS endpoint with specific parameters. The msDS-Device object in LDAP stores information about registered devices, including the public key of the Device Authentication certificate and the SID of the user account used to create the device registration.
securityboulevard.com
January 11, 2025 at 5:15 PM
Reposted
🚀 I've written a #Azure #Automation #Runbook to check expiring #Clientsecrets and #Certificates on #Entra #Applications with #Email notification to owners
bit.ly/4gPjBhs
January 11, 2025 at 7:14 AM
Reposted
Do you have to do everything in cybersecurity right away?

No!

Security is a journey and something that you do (not something you have).

There is (and always will be) more to be done than anyone can plan and execute in the short term.
November 24, 2024 at 4:56 PM
Reposted
🚨Local Administrator Protection

This new feature introduces a hidden, just-in-time elevation mechanism that unlocks admin rights only when needed instead of using the legacy admin approval mode (Split-Token AKA Clark Kent mode). Curious how it works?

patchmypc.com/local-admini...

#Intune #Windows11
November 9, 2024 at 10:49 AM
Reposted
I wrote a blog for Practical 365 about the Conditional Access Blueprint; an open-source security framework I developed. Check it out!

practical365.com/four-practic...
Four Practical Tools and Strategies for Success with Conditional Access Policies
Many organizations still find it challenging to implement Conditional Access effectively. Luckily, there is a solution for this. In this blog, we share a new open-source framework, introducing 4 tools...
practical365.com
November 9, 2024 at 7:05 AM
Reposted
Microsoft Zero Trust Workshop - Youtube PlayList

A comprehensive technical guide to help customers and partners adopt a Zero Trust strategy and deploy security solutions end-to-end to secure their organizations.

#MicrosoftSecurity

youtube.com/playlist?lis...
Microsoft Zero Trust Workshop - YouTube
youtube.com
November 9, 2024 at 5:13 PM