Robbe Van den Daele
robbevddaele.bsky.social
SSCP | MC2MC | Security Consultant & SOC Engineer
Do not forget to tag the Exchange Trusted Subsystem, Exchange Windows Permissions, and Organization Management groups as sensitive in #MDI if you have on-premises Exchange without the split permission model. These groups are not tagged as sensitive by default by MDI.
March 9, 2025 at 1:15 PM
Detections to find ADWS requests from unexpected binaries on the source devices already exist. But if an unknown device found a way to connect to ADWS, these cannot be used. Rather than flagging all ADWS requests, you can flag them from unknown source devices:

#DefenderXDR #KQL
March 6, 2025 at 5:20 AM
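
One way to express the "unknown source device" idea from the post above, as an added example that is not the author's query: it flags inbound connections to ADWS (TCP 9389) whose source IP is not reported by any onboarded device. It assumes the domain controllers are onboarded to Defender for Endpoint, and the lookback windows are arbitrary choices.

```kql
// Added example, not the query from the original post.
// Assumption: domain controllers report to Defender for Endpoint, so inbound
// ADWS connections appear in DeviceNetworkEvents with LocalPort 9389.
let InventoryLookback = 14d;   // assumed window for building the known-IP set
let DetectionLookback = 1d;    // assumed window for the detection itself
// Every IP address reported by an onboarded device in the inventory window.
let KnownDeviceIPs =
    DeviceNetworkInfo
    | where Timestamp > ago(InventoryLookback)
    | mv-expand Address = parse_json(IPAddresses)
    | extend IPAddress = tostring(Address.IPAddress)
    | where isnotempty(IPAddress)
    | distinct IPAddress;
DeviceNetworkEvents
| where Timestamp > ago(DetectionLookback)
| where ActionType == "InboundConnectionAccepted"
| where LocalPort == 9389
// Normalize IPv4-mapped IPv6 addresses before comparing with the inventory.
| extend SourceIP = replace_string(RemoteIP, "::ffff:", "")
| where SourceIP !in ("127.0.0.1", "::1")
| where SourceIP !in (KnownDeviceIPs)
| summarize Connections = count(),
            FirstSeen = min(Timestamp),
            LastSeen = max(Timestamp)
    by DomainController = DeviceName, SourceIP
| order by LastSeen desc
```

Sources that sit behind NAT, VPN concentrators or load balancers will show up with the translated address, so those ranges need their own handling before alerting on the result.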
OnePlus OxygenOS 14.1 seems to support third-party passkey providers again, allowing us to use passkeys in #Microsoft #EntraID again. 👀
December 1, 2024 at 10:50 AM