> Secret tip. Running Windows Pro? Not a Defender ATP customer. They still work with Defender standalone. Pre-configure ASR even if you use a third party solution. If your primary AV fails to get loaded you should be in a decent protected state out of the box. #infosec [https://twitter.com/hashtag/infosec?src=hash&ref_src=twsrc%5Etfw] https://t.co/1K41kDZTf0 — Root (@rootsecdev) October 10, 2020 [https://twitter.com/rootsecdev/status/1314729531639463937?ref_src=twsrc%5Etfw]…
All posts in Windows 10
> Due to the very low perf cost of Defender antivirus update checks, I’m experimenting with launching an update request to their cloud 90 seconds after every login and workstation unlock. By that time user has stable network connection. Defender’s “update on startup” is unreliable. — SwiftOnSecurity (@SwiftOnSecurity) July 25, 2020 [https://twitter.com/SwiftOnSecurity/status/1286887124411846661?ref_src=twsrc%5Etfw]…
> I like to save some time and utilize a PowerShell script for making tweaks for me. There are a lot of examples out there, this is a good one... https://t.co/i8x8vRI4Ye — Nels (@MattNels) May 6, 2020 [https://twitter.com/MattNels/status/1258043899429498880?ref_src=twsrc%5Etfw]…
Here's the GPO policy for that: Group Policy Search. The GPS is a group policy search tool for Microsoft Active Directory Group Policy Settings. Stephanus A. Schulte & Jean-Pierre Regente, Microsoft.com [https://gpsearch.azurewebsites.net/#105]…
Interesting thread here, and Dimitrios's Medium article has interesting ideas too.

> Before developing advanced detection techniques for PowerShell and lateral movement let's think if we can use the built-in free Windows firewall to prevent widely used techniques. Then we can detect unmanaged PowerShell etc https://t.co/5jwH3EWKQq — Dimitrios Margaritis (@dmargaritis) November 24, 2019 [https://twitter.com/dmargaritis/status/1198516039526625280?ref_src=twsrc%5Etfw]…