Local Administrator Password Solution (LAPS) Implementation Hints and Security Nerd Commentary (including mini threat model)

I did a guest post over on the Ask PFE Platforms blog about the Local Administrator Password Solution (LAPS) this week. You can check it out here: http://blogs.technet.com/b/askpfeplat/archive/2015/12/28/local-administrator-password-solution-laps-implementation-hints-and-security-nerd-commentary-including-mini-threat-model.aspx -Jessica @jepayneMSFT


Tracking Lateral Movement Part One – Special Groups and Specific Service Accounts

Lateral Movement – the moving of an attacker from one compromised host throughout your domain until they find what they are looking for – is something we see just about all attackers doing during a compromise. I’ve talked a lot about the attacker behavior and how to stop it – strong protective controls can serve…


Monitoring what matters – Windows Event Forwarding for everyone (even if you already have a SIEM.)

Last week at Ignite Australia I presented a session (available here) on something I don’t think gets talked about enough – Windows Event Forwarding, or WEF. (Edit: I’ve also since done an in-depth Microsoft Virtual Academy session on Event Forwarding too!) Often when we engage for an Incident Response, we find the customer: Has no centralized logging; Are…


What should I know about security? The massive list of links post.

I maintain a list of links I call “security stuff every Microsoft customer should know” that I send to every customer I visit. The list ranges from basic things to more in-depth security knowledge, and is now available even if I haven’t visited you. 🙂 You might want to bookmark this page, as it will…