PowerShell Security Session

Great resource here:

> US CERT bulletin calls out #PowerShell in #Iran #Cyber threat. #infosec A bit extreme at points but do logging for sure. Do you have PS logging enabled? https://t.co/i0KGjU0kl3 Use this hands-on lab to learn…


Tightening up Windows Security

Interesting thread here, and Dimitrios's Medium article has interesting ideas too.

> Before developing advanced detection techniques for powershell and lateral movement let's think if we can use the built-in free Windows firewall to prevent widely used techniques. Then we can detect unmanaged powershell etc https://t.co/5jwH3EWKQq — Dimitrios Margaritis (@dmargaritis) November 24, 2019 [https://twitter.com/dmargaritis/status/1198516039526625280?ref_src=twsrc%5Etfw]…


Azure Monitor insights for Azure Backup

> The new @AzureMonitor #Insights for @AzureBackup is a welcomed addition - Failed jobs/alert trends! - Cross-subscription support (including #AzureLighthouse)! - Individual protected instance storage usage! #Azure…


Reminder: even though only Win10, Windows Server 2016, & 2019 shipped with inbound SMB1 auditing, we later backported the option to WS2012 R2 & WS 2008 R2 (& equiv clients).

> Reminder: even though only Win10, Windows Server 2016, & 2019 shipped with inbound SMB1 auditing, we later backported the option to WS2012 R2 & WS 2008 R2 (& equiv clients). Because I am very nice/angry https://t.co/TncS4UR1Fo https://t.co/sdRa7VAip6 — Ned Pyle (@NerdPyle) October 2, 2019 [https://twitter.com/NerdPyle/status/1179488496831979522?ref_src=twsrc%5Etfw]…


How Google's QUIC Protocol Impacts Network Security and Reporting

Google’s QUIC protocol is designed to make the web faster and more efficient. Unfortunately, Firewalls do not currently recognize QUIC traffic as web traffic, leaving a gaping hole in your network’s security and reporting capabilities. This article describes how you can resolve these issues associat…

Fastvue - Simple Internet Usage Reporting, Etienne Liebetrau [https://www.fastvue.co/fastvue/blog/googles-quic-protocols-security-and-re…
