Ever since I joined the Microsoft Threat Intelligence Center (MSTIC) R&D team, I have been learning about Azure Resource Manager (ARM) templates to deploy several detection research environments as code. It has been a great journey learning about the syntax and format, and even when some might not like writing…

On April 21st, 2020, the ATT&CK evals team released the results of their APT29 evaluation , the emulation plan, all payloads used for Day 1 and Day 2 , and a Do-It-Yourself Caldera plugin. …

A few weeks ago, I was going over some of the research topics in my to-do list, and the one that sounded interesting to work on during 4th of July weekend 😆 was the documentation and exploration of relationships between RPC procedures/methods and other external functions such as Win32 APIs…

In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors to provide insight and transparency over their true capabilities to detect adversary behavior mapped to ATT&CK. …

Building the environment for scenario two is very easy and takes around 30–45 mins. Once the environment is set up, you will still have to set up your computer to authenticate via certificates with point-to-site VPN. This post is part of a three-part series where I share my experience deploying…

Building the environment for scenario one is very easy and takes around 30–45 mins. Once the environment is set up, you will still have to set up your computer to authenticate via certificates with point-to-site VPN. This post is part of a three-part series where I share my experience deploying…

In late 2019, the ATT&CK Evaluations team evaluated 21 endpoint security vendors using an evaluation methodology based on APT29. On April 21st, 2020, they released the results of that evaluation, the emulation plan, all payloads used for Day 1 and Day 2 , and a Do-It-Yourself Caldera plugin. One of…

Recently, I started working with Azure Sentinel, and as any other technology that I want to learn more about, I decided to explore a few ways to deploy it. I got a grasp of the basic architecture and got more familiarized with it. As a researcher, I also like to…

Happy new year everyone 🎊! I’m taking a few days off before getting back to work and you know what that means 😆 Besides working out a little bit more and playing with the dogs, I have some free time to take care of a few things in my to-do…