Michael Howard invited me as a guest onto the Azure Security Podcast, a great resource for keeping track of the latest security trends and capabilities available in software development and cloud architecture. Michael usually approaches information security from a software engineering perspective, whereas my background tends to be more operationally focused (incident response, threat tracking, … Continue reading Guest Appearance on the Azure Security Podcast
Category: Blog Posts
A general category containing all posts except current events
Designing Secure Systems
Designing Secure Systems takes a theoretical approach to information security. In this book, I introduce authorization theory, a way to analyze the security of any system based on its access, authorization, authorization, and authentication components. This approach enables you to model human process, physical, and cybersecurity systems with a single approach.
Tracking Command and Control Communication
With all of the great detective technology we have today we have a number of ways to track adversary activity. If the threat you're tracking is a human adversary within your enterprise, any gap provides an opportunity for them to reestablish persistence using a different type of malware and a different command and control channel. … Continue reading Tracking Command and Control Communication
Ignite 2020: Best Practices for Hunting Across Domains in Microsoft 365 Defender
For Ignite 2020, Tali and I put together a video covering some demos showing how you can use the Advanced Hunting feature of Microsoft 365 Defender to correlate activity between the various Defender capabilities. Among other things you'll see an example of how to use Defender for Identity and Defender for Endpoint to track down … Continue reading Ignite 2020: Best Practices for Hunting Across Domains in Microsoft 365 Defender
Anomaly Detection in Microsoft 365 Defender
As a former incident responder, anomaly detection was part of my day-to-day job. When an attacker persists on an endpoint or within identity there is typically something that deviates from the norm - whether that be a misspelling, obscure launch string, odd configuration, or just general strange behavior. Because of this, many of the queries … Continue reading Anomaly Detection in Microsoft 365 Defender
Tracking the Adversary with M365 Defender Advanced Hunting
If you're new to advanced hunting in Microsoft 365 Defender, be sure to check out the four-part series Tali Ash and I presented in July of 2020. We start with the very basics of Kusto Query Language (KQL) and take you all the way to performing visualizations, performing anomaly detection, and track malicious activity purely … Continue reading Tracking the Adversary with M365 Defender Advanced Hunting
The Password is Dead.
Authenticating to remote services with only a password is a thing of the past. Modern attack techniques make theft and reuse of passwords simple, yet we continue to use them to secure pretty much everything. In this post, we will review the various risks associated with password authentication and discuss what can be done to improve our security posture.
Petya and WannaCrypt Ransomware Propagation
Recently, the Internet has been overrun with ransomware - software designed to take advantage of users by encrypting their data and holding the keys for ransom. In this post, we will use the concepts of access and authorization to assess this malware and better understand why it was so successful.
Think Like a Hacker: A Sysadmin’s Guide to Cybersecurity
Think Like a Hacker is designed for systems administrators interested in the cybersecurity field as well as information security professionals interested in secure systems design.
Prologue – Think Like a Hacker
Think Like a Hacker is designed to take an IT professional with an interest in cybersecurity on a journey through how an attacker thinks about a network, while posing new theoretical models on how to analyze their network through the lens of a targeted attacker. This book is not be your typical security book that focuses … Continue reading Prologue – Think Like a Hacker