Azure Sentinel To-Go 🛒 — Part 2: Integrating a Basic Windows Lab 🧪 via ARM Templates 🚀
Most of the time when we think about the basics of a detection research lab, it is an environment with Windows endpoints, audit policies…
Oct 5, 2020

Published in Open Threat Research
It is Biceps 💪 Day! Flexing an ARM Template to deploy Azure Sentinel 🏹
Ever since I joined the Microsoft Threat Intelligence Center (MSTIC) R&D team, I have been learning about Azure Resource Manager (ARM)…
Sep 9, 2020

Published in Open Threat Research
Mordor PCAPs 📡 — Part 1: Capturing Network Packets from Windows Endpoints with Network Shell…
On April 21st, 2020, the ATT&CK evals team released the results of their APT29 evaluation, the emulation plan, all payloads used for Day…
Jul 27, 2020

Published in Open Threat Research
Extending the Exploration and Analysis of Windows RPC Methods Calling other Functions with Ghidra…
A few weeks ago, I was going over some of the research topics in my to-do list, and the one that sounded interesting to work on during 4th…
Jul 21, 2020

Published in Open Threat Research
Community Evaluating Free Telemetry 💸 🌎 Following the ATT&CK Evals Methodology ⚔️
In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors to provide insight and transparency over their true…
Jun 12, 2020

Published in Open Threat Research
Mordor Labs 😈 — Part 3: Executing ATT&CK APT29 Evaluations Emulation Plan 📕 - Day 2
Building the environment for scenario one is very easy and takes around 30–45 mins. Once the environment is set up, you will still have to…
May 3, 2020

Published in Open Threat Research
Mordor Labs 😈 — Part 2: Executing ATT&CK APT29 Evals Emulation Plan 📕 - Day 1
Building the environment for scenario one is very easy and takes around 30–45 mins. Once the environment is set up, you will still have to…
May 3, 2020

Published in Open Threat Research
Mordor Labs 😈 — Part 1: Deploying ATT&CK APT29 Evals Environments via ARM Templates 🚀 to Create…
In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors using an evaluation methodology based on APT29. On April…
May 2, 2020

Published in Open Threat Research
Azure Sentinel To-Go!
Recently, I started working with Azure Sentinel, and as any technology that I am learning about, I decided to explore a few ways to deploy…
Mar 27, 2020

Published in Open Threat Research
Jupyter Notebooks 📓 from SIGMA Rules 🛡⚔️ to Query Elasticsearch 🏹
Happy new year everyone 🎊! I’m taking a few days off before getting back to work and you know what that means 😆 Besides working out a…
Jan 11, 2020