The Lateral Movement Highway
If you read one of the latest States of Cybercrime report by Microsoft, one finding stands out above the rest: the leading factor in ransomware incidents is “insufficient privilege access and lateral movement controls.” Just so we are all on page 12 with each other, I am saying that Lateral Movement …
Tag: microsoft
The Necessary Security Model Refactor
The “Cloud First” reality necessitates shifting your mindset from the physical boundaries of ENIAD (Endpoint, Network, Identity, Applications, Data) to the logical boundaries defined by the Cloud Shared Responsibility Model. The things you protect are not just “Data,” but the entire environment that processes, stores, and governs that data.
1. Identity (The Gate)
This remains the …
CDR – Cloud Detection and Response
I have witnessed the evolution of security from a static, perimeter-focused discipline to a dynamic practice centered on data and identity. The shift to the cloud has been the most significant disruption, introducing a level of complexity that traditional security tools were never designed to handle. This is the operational reality that has given rise …
RAMP – Rapid Modernization Plan
The Rapid Modernization Plan (RAMP) is a strategic framework developed by Microsoft to enhance the security of Active Directory (AD) environments. For someone new to IT, understanding RAMP is crucial, as it addresses the growing need for robust security measures in today’s digital landscape, particularly with the rise of cyber threats and the increasing use …
Notes :: The Red Forest model
The Red Forest model, also known as the Enhanced Security Administrative Environment (ESAE), was a security design for Active Directory (AD). Think of AD as the central phone book and security guard for a company’s computer network. It keeps track of all users, computers, and their permissions. The Red Forest model was created to make …
Navigating the Kubernetes Threat Landscape
The escalating adoption of Kubernetes and containerized assets has introduced complex security challenges, making anomaly detection difficult due to their highly dynamic nature. Microsoft Threat Intelligence reveals a concerning trend: attackers are increasingly exploiting unsecured workload identities to infiltrate these environments. A striking 51% of workload identities were inactive in the past year, representing a …
AZ 900 Study Guide
Core Concepts
Describe Cloud Concepts – What is the cloud?
Describe Azure Architecture & Services – What services are there?
Describe Azure Management & Governance – How you can manage things.
In simpler terms, cloud computing uses a network to connect users to a cloud platform where they request and access rented computing services. …
Hacker TV – GoFetch
This video demonstrates how GoFetch utilizes Bloodhound attack graph data to automatically pivot from an exploited host to the domain controller. The demonstration begins in Bloodhound, where the presenter identifies the attack path to the domain controller. After finding a path, the graph is exported for use by the attack script. The presenter then launches GoFetch …
Hacker TV – The Future of Technology at Microsoft
Satya Nadella – The Future of Technology at Microsoft
NetExec for SMB Enumeration
What is NetExec?
NetExec (formerly CrackMapExec) is a powerful “Swiss Army knife” tool for offensive security engagements, particularly useful for interacting with Active Directory (AD) environments. For someone learning about offensive security, here’s a quick summary of how to use NetExec in an engagement, focusing on SMB enumeration: NetExec is a command-line tool that automates …