This article assumes that you have already configured Sentinel in your environment. Data exfiltration can be caused intentionally or by mistake. Malicious insiders can be considered trusted actors who can cause damage to your organization for their own gain. There are many types of exfiltration (email, sharing links, USB ...). In … Continue reading Azure Sentinel Query—Monitor USB data Exfiltration
Category: Security Basics
Cloud app Security : Remove PASSWORD NOT REQUIRED. ACTIVE DIRECTORY USERACCOUNTCONTROL 544 VALUE
After enabling Defender for Identity (integrating Defender with Active Directory and Cloud App Security), there is a remote possibility that you will face the following alert in your environment: REMOVE PASSWORD NOT REQUIRED. What does this alert mean? The alert fires when an account is set to allow blank passwords. This is actually something … Continue reading Cloud app Security : Remove PASSWORD NOT REQUIRED. ACTIVE DIRECTORY USERACCOUNTCONTROL 544 VALUE
The Kerberos ticket instant refresh and Security Legacy Protocols
If you have ever wondered why permissions applied in a Windows environment take time to reach the user, the answer is the Kerberos ticket. The trick is simple: running the following command should refresh the permissions without having to reboot. Open cmd.exe and run klist purge. Now I would like to go through … Continue reading The Kerberos ticket instant refresh and Security Legacy Protocols
Stop using SMB1 PowerShell command
Hi. For security reasons, SMB1 should no longer be used, although this is being ignored by several companies and users. Top 5 reasons: - SMB1 is not safe (easily hackable) - SMB1 is not modern or efficient (read, write, cache) - SMB1 is no longer required unless you use Windows XP / 2003 ( … Continue reading Stop using SMB1 PowerShell command