possibly useful; malcomvetter/WhoDisAn example pattern in C# for watching security events (logon/logoff/privilege) - malcomvetter/WhoDisGitHubmalcomvetter [https://github.com/malcomvetter/WhoDis]…
Manage emergency access admin accounts - Azure ADThis article describes how to use emergency access accounts to help prevent being inadvertently locked out of your Azure Active Directory (Azure AD) organization.Microsoft Docsmarkwahl-msft [https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-emergency-access]…
Great thread here about security and event logging. > If you want to stop an attacker from installing malware or placing a web shell on your Exhange server, you probably should start with ensuring service accounts and admins who have admin on those servers donβt log in to easily phished desktop class systems. β Jessica Payne (@jepayneMSFT) May 9, 2019 [https://twitter.com/jepayneMSFT/status/1126529038913163264?ref_src=twsrc%5Etfw] > If you want to see if a domain admin has logged in somewhere…
Great thread here about logging; > Perhaps the single most important thing you can do to prepare for an incident is to increase Windows event logging. Turn on process auditing, PowerShell logging, and dramatically increase the size of the event logs. Disk space is cheap, use it. β Jake Williams (@MalwareJake) May 8, 2019 [https://twitter.com/MalwareJake/status/1126075545547100160?ref_src=twsrc%5Etfw]…
Really great thread here about Office365 security and Azure Sentinel recommendations > If you use O365, you need to learn about password spray. Want to see some campaigns against you? Try #AzureSentinel [https://twitter.com/hashtag/AzureSentinel?src=hash&ref_src=twsrc%5Etfw]--you can connect your O365 data for free. Here are some common patterns. πππ β John Lambert (@JohnLaTwC) May 7, 2019 [https://twitter.com/JohnLaTwC/status/1125810589370961920?ref_src=twsrc%5Etfw] Azure Sentinel Password…