Cloudbrothers
Azure Attack Paths
Posts
Categories
About me
Talks
english
english
Deutsch
Cloudbrothers
Cancel
Azure Attack Paths
Posts
Categories
About me
Talks
english
english
Deutsch
All Categories
Entra ID
You always trust your CSP - Cross Tenant MFA and GDAP
Find lateral movement paths using KQL Graph semantics
Data Protection Made a Breeze: MDA integration in Edge for Business
Passkey Public Preview for Entra ID
Protect your users from Device Code Flow abuse
More >>
Security
You always trust your CSP - Cross Tenant MFA and GDAP
Find lateral movement paths using KQL Graph semantics
Passkey Public Preview for Entra ID
Protect your users from Device Code Flow abuse
Anonymous IP address involving Apple iCloud Private Relay
More >>
KQL
You always trust your CSP - Cross Tenant MFA and GDAP
Find lateral movement paths using KQL Graph semantics
Protect your users from Device Code Flow abuse
Anonymous IP address involving Apple iCloud Private Relay
Detect threats using Microsoft Graph activity logs - Part 2
More >>
Azure AD
You always trust your CSP - Cross Tenant MFA and GDAP
Detect threats using Microsoft Graph activity logs - Part 2
Detect threats using Microsoft Graph activity logs - Part 1
Other Entra ID / Azure AD SignIn errors
Going passwordless with Window Hello for Business and SCRIL
More >>
Identity and Access
Going passwordless with Window Hello for Business and SCRIL
From on-prem to Global Admin without password reset
Continuous access evaluation
Just-In-Time role assignment in Microsoft Defender
Alert changes to sensitive AD groups using MDI
More >>
Conditional Access
You always trust your CSP - Cross Tenant MFA and GDAP
Data Protection Made a Breeze: MDA integration in Edge for Business
Passkey Public Preview for Entra ID
Protect your users from Device Code Flow abuse
Continuous access evaluation
More >>
Azure
Anonymous IP address involving Apple iCloud Private Relay
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Conditional Access Authentication strength
Use UEBA in Microsoft Sentinel to your advantage
Use Unified Sign-In logs in Advanced Hunting
More >>
PowerShell
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Going passwordless with Window Hello for Business and SCRIL
Sentinel Pester Framework
Convert Sentinel Analytics Rules with PowerShell
AnalyticsRules.Exchange
More >>
Sentinel
Find lateral movement paths using KQL Graph semantics
Protect your users from Device Code Flow abuse
Anonymous IP address involving Apple iCloud Private Relay
Detect threats using Microsoft Graph activity logs - Part 2
Detect threats using Microsoft Graph activity logs - Part 1
More >>
Defender for Endpoint
Find lateral movement paths using KQL Graph semantics
From on-prem to Global Admin without password reset
Prevent phishing based on domain registrations
Microsoft Defender for Endpoint Device Health
Update to the Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
More >>
FIDO2
Going passwordless with Window Hello for Business and SCRIL
Conditional Access Authentication strength
Why using a FIDO2 security key is important
Journey To Passwordless: Restrict FIDO2 key usage & conclusion
Journey To Passwordless: Microsoft Authenticator App
More >>
Passwordless
Going passwordless with Window Hello for Business and SCRIL
Windows Hello for Business Cloud Trust and KDC proxy
Why using a FIDO2 security key is important
Journey To Passwordless: Restrict FIDO2 key usage & conclusion
Journey To Passwordless: Microsoft Authenticator App
More >>
Microsoft 365
The case of the... MapiExceptionShutoffQuotaExceeded
Microsoft 365 license overview
Phase out Legacy Authentication - Endgame
Phase out Legacy Authentication - The next 9%
Phase out Legacy Authentication - The first 90%
More >>
Analytics Rules
Sync Defender for Cloud Alerts with Sentinel Incidents
Sentinel Pester Framework
From on-prem to Global Admin without password reset
Convert Sentinel Analytics Rules with PowerShell
Prevent phishing based on domain registrations
More >>
Defender AV
Microsoft Defender for Endpoint Device Health
Update to the Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
Gradual rollout process for Microsoft Defender
The Hitchhiker's Guide to Microsoft Defender for Endpoint exclusions
Current limits of Defender AV Tamper Protection
More >>
User Group
Speaking @ Microsoft 365 Security & Compliance User Group
Speaking @ Cloud Identity Summit 2022
Speaking @ Cloud Workplace Meetup
Speaking @ Microsoft Cloud Security User Group
Speaking @ Trust in Tech Cologne
More >>
Windows
Gradual rollout process for Microsoft Defender
Current limits of Defender AV Tamper Protection
Defender for Endpoint - Did the Antivirus scan complete?
Create a Network Trace Without Wireshark
Test UDP connection with PowerShell
More >>
Active Directory
Going passwordless with Window Hello for Business and SCRIL
From on-prem to Global Admin without password reset
Exploit samAccountName spoofing with Kerberos
Manage group policies with PowerShell
Alert changes to sensitive AD groups using MDI
Log Analytics
AnalyticsRules.Exchange
Use Unified Sign-In logs in Advanced Hunting
Operator mvexpand: expanded expression expected to have dynamic type
Query the Log Analytics Workspace for all Azure VM
Azure Log Analytics - RegEx case insensitive
Windows Server
Gradual rollout process for Microsoft Defender
Current limits of Defender AV Tamper Protection
Defender for Identity, Npcap on Windows Server 2022
SCHANNEL settings in Azure Windows Marketplace image changed
Clear computer Kerberos ticket and certificate cache
Advanced Hunting
Find lateral movement paths using KQL Graph semantics
Use Unified Sign-In logs in Advanced Hunting
Alert changes to sensitive AD groups using MDI
Automated response to C2 traffic on your devices
Automation
Anonymous IP address involving Apple iCloud Private Relay
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Certificate management with Azure Automation and Let's Encrypt
AzureRM.Network 0.9 breaks Azure Automation Runbooks
Entra
Detect threats using Microsoft Graph activity logs - Part 2
Detect threats using Microsoft Graph activity logs - Part 1
Other Entra ID / Azure AD SignIn errors
Conditional Access Authentication strength
MFA
Conditional Access Authentication strength
Windows Hello for Business Cloud Trust and KDC proxy
Why using a FIDO2 security key is important
Why the new MFA registration benefits your users
Network
Create a Network Trace Without Wireshark
Test UDP connection with PowerShell
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
Find a free IP address in Azure
Defender for Identity
Integrate MDI health alerts in Microsoft Sentinel
Alert changes to sensitive AD groups using MDI
Defender for Identity, Npcap on Windows Server 2022
Microsoft 365 Defender
From on-prem to Global Admin without password reset
Prevent phishing based on domain registrations
Integrate MDI health alerts in Microsoft Sentinel
Office 365
Microsoft 365 license overview
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
Is this ip address part of the Office 365 IP address range?
PKI
Golden Certificate and OCSP
The case of the... Intune SCEP Profil hangs in pending state
Clear computer Kerberos ticket and certificate cache
The case of the
The case of the... MapiExceptionShutoffQuotaExceeded
The case of the... The Sign-in method you're using isn't allowed
The case of the... Intune SCEP Profil hangs in pending state
ARM
Anonymous IP address involving Apple iCloud Private Relay
Azure Availability Sets vNet dependency
Defender for Office 365
Integrate MDI health alerts in Microsoft Sentinel
Detect and alert on unusual high phish or malware email volume
Exchange
The case of the... MapiExceptionShutoffQuotaExceeded
PowerShell Tip: Resolve SPF Records
Intune
The case of the... The Sign-in method you're using isn't allowed
The case of the... Intune SCEP Profil hangs in pending state
Microsoft Graph
Detect threats using Microsoft Graph activity logs - Part 2
Detect threats using Microsoft Graph activity logs - Part 1
Module
AzureSimpleREST Module
PowerShell Modul Development: Pester Tests
Pester
Sentinel Pester Framework
PowerShell Modul Development: Pester Tests
TIL
Operator mvexpand: expanded expression expected to have dynamic type
TIL BitLocker + YubiKey = ❤️
AAD Sync
From on-prem to Global Admin without password reset
Azure Automation
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Backup
"Reverse engineering" the Azure REST API
Bicep
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Defender
Gradual rollout process for Microsoft Defender
Defender for Cloud
Sync Defender for Cloud Alerts with Sentinel Incidents
Defender XDR
Find lateral movement paths using KQL Graph semantics
DSC
Persistence with Azure Policy Guest Configuration
Excel
Query the Log Analytics Workspace for all Azure VM
GPO
Manage group policies with PowerShell
HHPSUG
Manage group policies with PowerShell
Kerberos
Exploit samAccountName spoofing with Kerberos
Let's Encrypt
Certificate management with Azure Automation and Let's Encrypt
Logic App
Sync Defender for Cloud Alerts with Sentinel Incidents
Logic Apps
Anonymous IP address involving Apple iCloud Private Relay
Microsoft Defender XDR
Data Protection Made a Breeze: MDA integration in Edge for Business
Microsoft Information Protection
Bypass sensitivity label restrictions with mobile Edge and conditional access policies
Microsoft Teams
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
OMS
Query the Log Analytics Workspace for all Azure VM
PowerShell Core
How to deploy a PowerShell 7.2 runbook to Azure Automation using Bicep
Proxy
Proxy, Proxy on the Wall...
PSScriptAnalyzer
PowerShell Modul Development: Pester Tests
REST
"Reverse engineering" the Azure REST API
SOAR
Anonymous IP address involving Apple iCloud Private Relay
Tools
Clear computer Kerberos ticket and certificate cache
UniFi
Optimize your Microsoft Teams traffic with QoS on a UniFi USG
XSPM
Find lateral movement paths using KQL Graph semantics
YubiKey
TIL BitLocker + YubiKey = ❤️