Using SCOM to Capture Suspicious Process Creation Events

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. I recently had the privilege of chatting with Greg Cottingham on the Azure Security Center Analyst Team about process creation events and how to use them…


Using SCOM to Detect Scheduled Task Creation

One well-known thing that attackers like to do is to create scheduled tasks to periodically execute their payloads. Detecting scheduled task creation is not terribly…


Using SCOM to Detect Golden Tickets

For the three people that religiously read my blog, you know by now that I’ve been writing quite a bit on using SCOM to detect some…


Using SCOM to Detect WDigest Enumeration

In a recent conversation with fellow colleague Jessica Payne, it was noted that one of the most common forms of credential theft presently involves using exposed…


Using SCOM to Detect Pass the Ticket Attacks

Last month, I wrote a two-part series on using SCOM to detect pass-the-hash attacks. I’ve decided to take some time and focus on…


Speaking in Ciphers and other Enigmatic tongues…update!

Hi! Jim Tierney here again to talk to you about cryptographic algorithms, SCHANNEL and other bits of wonderment. My original post on the topic has gone through yet another rewrite to bring you up to date on recent changes in this crypto space. So, your company purchases this new super awesome vulnerability and compliance management…