Cloudbrothers
All categories
Azure AD
You always trust your CSP - Cross Tenant MFA and GDAP
Detect threats using Microsoft Graph activity logs - Part 2
Detect threats using Microsoft Graph activity logs - Part 1
Other Entra ID / Azure AD SignIn errors
Going passwordless with Window Hello for Business and SCRIL
Entra ID
You always trust your CSP - Cross Tenant MFA and GDAP
Find lateral movement paths using KQL Graph semantics
Data Protection Made a Breeze: MDA integration in Edge for Business
Passkey Public Preview for Entra ID
Protect your users from Device Code Flow abuse
PowerShell
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Going passwordless with Window Hello for Business and SCRIL
Sentinel Pester Framework
Convert Sentinel Analytics Rules with PowerShell
AnalyticsRules.Exchange
Security
Workshop: Kusto Graph Semantics Explained
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
You always trust your CSP - Cross Tenant MFA and GDAP
Find lateral movement paths using KQL Graph semantics
Passkey Public Preview for Entra ID
Azure
Anonymous IP address involving Apple iCloud Private Relay
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Conditional Access Authentication strength
Use UEBA in Microsoft Sentinel to your advantage
Use Unified Sign-In logs in Advanced Hunting
KQL
Workshop: Kusto Graph Semantics Explained
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
You always trust your CSP - Cross Tenant MFA and GDAP
Find lateral movement paths using KQL Graph semantics
Protect your users from Device Code Flow abuse
Identity and Access
Going passwordless with Window Hello for Business and SCRIL
From on-prem to Global Admin without password reset
Continuous access evaluation
Just-In-Time role assignment in Microsoft Defender
Alert on changes to sensitive on-prem groups with MDI
Conditional Access
You always trust your CSP - Cross Tenant MFA and GDAP
Data Protection Made a Breeze: MDA integration in Edge for Business
Passkey Public Preview for Entra ID
Protect your users from Device Code Flow abuse
Continuous access evaluation
Sentinel
Workshop: Kusto Graph Semantics Explained
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
Find lateral movement paths using KQL Graph semantics
Protect your users from Device Code Flow abuse
Anonymous IP address involving Apple iCloud Private Relay
Defender for Endpoint
Workshop: Kusto Graph Semantics Explained
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
Find lateral movement paths using KQL Graph semantics
From on-prem to Global Admin without password reset
Prevent phishing based on domain registrations
SQL
24 Hours of PASS: Summit Preview 2018
SQL Server 2017 Cumulative Update 7
Linux SQL Server 2017 on Docker with the Stack Overflow demo database
SQL Server 2014 SP2 Cumulative Update 10
SQL Server 2017 Cumulative Update 3
Microsoft 365
The case of the... MapiExceptionShutoffQuotaExceeded
Microsoft 365 license overview
Disabling legacy authentication in a controlled manner - Shutdown
Disabling legacy authentication in a controlled manner - The next 9%
Disabling legacy authentication in a controlled manner - The first 90%
Automation
Anonymous IP address involving Apple iCloud Private Relay
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Certificate management with Azure Automation and Let's Encrypt
AzureRM.Network 0.9 causes problems with Azure Automation
Azure Resource Manager API overview
FIDO2
Going passwordless with Window Hello for Business and SCRIL
Conditional Access Authentication strength
Why using a FIDO2 security key is important
Journey To Passwordless: Restricting FIDO2 keys & conclusion
Journey To Passwordless: Microsoft Authenticator App
Passwordless
Going passwordless with Window Hello for Business and SCRIL
Windows Hello for Business Cloud Trust and KDC proxy
Why using a FIDO2 security key is important
Journey To Passwordless: Restricting FIDO2 keys & conclusion
Journey To Passwordless: Microsoft Authenticator App
Windows Server
Gradual rollout process for Microsoft Defender
Current limits of Defender AV Tamper Protection
Defender for Identity, Npcap and Windows Server 2022
SCHANNEL settings of the Azure Windows Marketplace image changed
The case of the... WS_E_OPERATION_TIMED_OUT
Analytics Rules
Sync Defender for Cloud Alerts with Sentinel Incidents
Sentinel Pester Framework
From on-prem to Global Admin without password reset
Convert Sentinel Analytics Rules with PowerShell
Prevent phishing based on domain registrations
Defender AV
Microsoft Defender for Endpoint Device Health
Update to the Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
Gradual rollout process for Microsoft Defender
The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
Current limits of Defender AV Tamper Protection
MFA
Conditional Access Authentication strength
Windows Hello for Business Cloud Trust and KDC proxy
Why using a FIDO2 security key is important
Why the new MFA registration helps your users
More Azure MFA with NPS
User Group
Talk @ Microsoft 365 Security & Compliance User Group
Talk @ Cloud Identity Summit 2022
Talk @ Cloud Workplace Meetup
Talk @ Microsoft Cloud Security User Group
Talk @ Trust in Tech Cologne
Advanced Hunting
Workshop: Kusto Graph Semantics Explained
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
Find lateral movement paths using KQL Graph semantics
Use Unified Sign-In logs in Advanced Hunting
Alert on changes to sensitive on-prem groups with MDI
Exchange
The case of the... MapiExceptionShutoffQuotaExceeded
PowerShell tip: Querying SPF records
Exporting Exchange 2003 relay settings
Changing the language of an Exchange 2010 mailbox
Moving the Exchange DAG mailbox store
Windows
Gradual rollout process for Microsoft Defender
Current limits of Defender AV Tamper Protection
Defender for Endpoint - Did the Antivirus scan complete?
Creating a network trace without Wireshark
Checking a UDP connection with PowerShell
Active Directory
Going passwordless with Window Hello for Business and SCRIL
From on-prem to Global Admin without password reset
Exploit samAccountName spoofing with Kerberos
Managing Group Policy with PowerShell
Alert on changes to sensitive on-prem groups with MDI
Log Analytics
AnalyticsRules.Exchange
Use Unified Sign-In logs in Advanced Hunting
Operator mvexpand: expanded expression expected to have dynamic type
Report of the Log Analytics workspace for all Azure VMs
Azure Log Analytics - Ignoring case in RegEx
Network
Creating a network trace without Wireshark
Checking a UDP connection with PowerShell
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
Finding a free IP address in Azure
Cisco DHCP range per VLAN
DSC
Persistence with Azure Policy Guest Configuration
The future of DSC
DSC resource naming conventions
DSC Resource Kit - November 2017
Entra
Detect threats using Microsoft Graph activity logs - Part 2
Detect threats using Microsoft Graph activity logs - Part 1
Other Entra ID / Azure AD SignIn errors
Conditional Access Authentication strength
Office 365
Microsoft 365 license overview
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
Is this IP address part of the Office 365 address range?
Azure AD Groups - Premium Features
PKI
Golden Certificate and OCSP
The case of the... Intune SCEP profile stuck in "Pending" status
The case of the... WS_E_OPERATION_TIMED_OUT
Clearing the computer Kerberos ticket and certificate cache
The case of the
The case of the... MapiExceptionShutoffQuotaExceeded
The case of the... The sign-in method you are using is not permitted
The case of the... Intune SCEP profile stuck in "Pending" status
The case of the... WS_E_OPERATION_TIMED_OUT
ARM
Anonymous IP address involving Apple iCloud Private Relay
Azure Availability Sets vNet dependency
Azure Resource Manager API overview
Defender for Identity
Integrate MDI health alerts in Microsoft Sentinel
Alert on changes to sensitive on-prem groups with MDI
Defender for Identity, Npcap and Windows Server 2022
Defender XDR
Workshop: Kusto Graph Semantics Explained
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
Find lateral movement paths using KQL Graph semantics
HHPSUG
Managing Group Policy with PowerShell
Hamburg PowerShell User Group #1
Hamburg PowerShell User Group
Microsoft 365 Defender
From on-prem to Global Admin without password reset
Prevent phishing based on domain registrations
Integrate MDI health alerts in Microsoft Sentinel
NPS
More Azure MFA with NPS
Undocumented parameters of the Azure MFA NPS extension
The Azure MFA RADIUS challenge!
SAN
Brocade NTP configuration
NetApp - Enabling ALUA
Which LUN is causing the "FCP Partner Path misconfigured" messages
Tools
posh-HumpCompletion
Clearing the computer Kerberos ticket and certificate cache
Visual Studio Code v1.18 released
AAD Sync
From on-prem to Global Admin without password reset
Azure AD Sync - Object deletion threshold reached during identity synchronization
ADFS
ADFS Help
ADFS open source tools on GitHub
Defender for Office 365
Integrate MDI health alerts in Microsoft Sentinel
Detect and alert on unusual high phish or malware email volume
Docker
SQL Server 2017 Cumulative Update 7
Linux SQL Server 2017 on Docker with the Stack Overflow demo database
Intune
The case of the... The sign-in method you are using is not permitted
The case of the... Intune SCEP profile stuck in "Pending" status
Kraph
Workshop: Kusto Graph Semantics Explained
Find lateral movement paths using KQL Graph semantics
Microsoft Graph
Detect threats using Microsoft Graph activity logs - Part 2
Detect threats using Microsoft Graph activity logs - Part 1
Module
AzureSimpleREST Module
PowerShell module development: Pester tests
NetApp
NetApp - ALUA aktivieren
Which LUN is causing the "FCP Partner Path misconfigured" messages
Pester
Sentinel Pester Framework
PowerShell module development: Pester tests
Sysmon
Workshop: Kusto Graph Semantics Explained
EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1
TIL
Operator mvexpand: expanded expression expected to have dynamic type
TIL BitLocker + YubiKey = ❤️
Azure Automation
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Azure Stack
OPENedX - Configuring and Operating Microsoft Azure Stack
Backup
"Reverse engineering" der Azure REST API
Bicep
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Defender
Gradual rollout process for Microsoft Defender
Defender for Cloud
Sync Defender for Cloud Alerts with Sentinel Incidents
Detection Engineering
Workshop: Kusto Graph Semantics Explained
DevOps
Azure OpenDev
Encryption
Better encryption thanks to lava lamps
Excel
Report of the Log Analytics workspace for all Azure VMs
GPO
Managing Group Policy with PowerShell
Intel
SQL Server and Meltdown and Spectre
Kerberos
Exploit samAccountName spoofing with Kerberos
Let's Encrypt
Certificate management with Azure Automation and Let's Encrypt
Logic App
Sync Defender for Cloud Alerts with Sentinel Incidents
Logic Apps
Anonymous IP address involving Apple iCloud Private Relay
Microsoft Defender XDR
Data Protection Made a Breeze: MDA integration in Edge for Business
Microsoft Information Protection
Bypass sensitivity label restrictions with mobile Edge and conditional access policies
Microsoft Teams
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
OMS
Report of the Log Analytics workspace for all Azure VMs
PowerShell Core
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Printer
Deleting a printer or jobs in the print queue
Proxy
Proxy, proxy on the wall...
PSScriptAnalyzer
PowerShell module development: Pester tests
REST
"Reverse engineering" der Azure REST API
SOAR
Anonymous IP address involving Apple iCloud Private Relay
Threat Hunting
Workshop: Kusto Graph Semantics Explained
UniFi
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
VMware
Help with duplicate PowerShell cmdlet names
Workshop
Workshop: Kusto Graph Semantics Explained
XSPM
Find lateral movement paths using KQL Graph semantics
YubiKey
TIL BitLocker + YubiKey = ❤️