Author: Michael J. Melone

Guest Appearance on the Azure Security Podcast

~ Michael J. Melone ~ Leave a comment

Michael Howard invited me as a guest onto the Azure Security Podcast, a great resource for keeping track of the latest security trends and capabilities available in software development and cloud architecture. Michael usually approaches information security from a software engineering perspective, whereas my background tends to be more operationally focused (incident response, threat tracking, … Continue reading Guest Appearance on the Azure Security Podcast

Designing Secure Systems

~ Michael J. Melone ~ Leave a comment

Designing Secure Systems takes a theoretical approach to information security. In this book, I introduce authorization theory, a way to analyze the security of any system based on its access, authorization, authorization, and authentication components. This approach enables you to model human process, physical, and cybersecurity systems with a single approach.

Tracking Command and Control Communication

~ Michael J. Melone ~ 1 Comment

With all of the great detective technology we have today we have a number of ways to track adversary activity. If the threat you're tracking is a human adversary within your enterprise, any gap provides an opportunity for them to reestablish persistence using a different type of malware and a different command and control channel. … Continue reading Tracking Command and Control Communication

Ignite 2020: Best Practices for Hunting Across Domains in Microsoft 365 Defender

~ Michael J. Melone ~ Leave a comment

For Ignite 2020, Tali and I put together a video covering some demos showing how you can use the Advanced Hunting feature of Microsoft 365 Defender to correlate activity between the various Defender capabilities. Among other things you'll see an example of how to use Defender for Identity and Defender for Endpoint to track down … Continue reading Ignite 2020: Best Practices for Hunting Across Domains in Microsoft 365 Defender

Anomaly Detection in Microsoft 365 Defender

~ Michael J. Melone ~ Leave a comment

As a former incident responder, anomaly detection was part of my day-to-day job. When an attacker persists on an endpoint or within identity there is typically something that deviates from the norm - whether that be a misspelling, obscure launch string, odd configuration, or just general strange behavior. Because of this, many of the queries … Continue reading Anomaly Detection in Microsoft 365 Defender

Tracking the Adversary with M365 Defender Advanced Hunting

~ Michael J. Melone ~ Leave a comment

If you're new to advanced hunting in Microsoft 365 Defender, be sure to check out the four-part series Tali Ash and I presented in July of 2020. We start with the very basics of Kusto Query Language (KQL) and take you all the way to performing visualizations, performing anomaly detection, and track malicious activity purely … Continue reading Tracking the Adversary with M365 Defender Advanced Hunting

The Password is Dead.

~ Michael J. Melone ~ 1 Comment

Authenticating to remote services with only a password is a thing of the past. Modern attack techniques make theft and reuse of passwords simple, yet we continue to use them to secure pretty much everything. In this post, we will review the various risks associated with password authentication and discuss what can be done to improve our security posture.