Has anyone tried this approach of using a custom CSS template in
Microsoft Entra ID Company Branding to trigger logic that detects
when a user visited a Microsoft login page via an AitM site / proxy?
The process is explained here: AitM detection with Sentinel via custom
CSS (hybridbrothers.com) B...
This KQL query for "MDE Advanced Hunting query for known vulnerable
drivers using the community and Microsoft lists" is throwing errors.
I tried executing the function "indicatorsFromMsft" separately to get the
list of vulnerable drivers, but it still errors.
@acmartin635 WHQL is not a security certificate, nor does it guarantee
more security than non-WHQL certified drivers. This is the official
explanation: Driver packages that pass Windows Hardware Lab Kit (HLK)
testing can be digitally signed by WHQL. It's just a Windows
compatibility certification. A...
This is only 1/2 of the problem. While adding "detections" around the
exploitation of vulnerable drivers to prevent malicious attacks (think
Ransomware/Trojan/C2/etc), what is not addressed here is the INTENTIONAL
use of vuln. drivers to circumvent security within the system. One of the
main uses for...
Hi, great blog post! I have an article that shifts the defense from
blacklisting to whitelisting for a more secure outcome:
https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection
I also provide tooling and automation for it:
https://github.com/HotCakeX...
Latest Comments