patricksamhaber.bsky.social
@patricksamhaber.bsky.social
Reposted
If you have read about the whole conditional access bypass for compliant devices, make sure you read the full research presented by @TEMP43487580 at BHEU.

Great detail and great tooling. Don't just use the other POC.

www.blackhat.com/eu-24/briefi...
Black Hat Europe 2024
January 4, 2025 at 7:20 PM
Reposted
I'm creating a proactive Defender AV performance monitoring solution, and we can now query potential AV impacts! :)

This uses a script (Live response, Intune, etc.) to send MPLog EstimatedImpact events to Log Analytics via Logs Ingestion API.

Setup/script:
github.com/nathanmcn...
December 23, 2024 at 11:23 PM