Security Monitoring–Additional PowerShell Detections Addendum

Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following location. Please reference all future content from that location. Thanks. This is a follow-up article to this piece that I wrote in early September. Not surprisingly, there was some noise in my initial lab tests….

Security Monitoring–Using SCOM to Detect Legacy TLS Protocol Usage

This has been on my bucket list for a while now, and I finally got around to figuring it out. TLS is a transport layer protocol…

Security Monitoring–Additional PowerShell Detections

Note that there is an addendum to this piece for override purposes. That can be found here. A colleague of mine turned me on to this…

Security Monitoring–Configuring SCOM to alert on attempts to kill Windows Defender

This is just a quick update to the next revision of Security Monitoring. If you don’t use Windows Defender, this will not generate any alerts, and…

Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 2

You can find part 1 here. ***Please Read This First*** I need to preface this article by simply saying that this is the type of thing…

Security Monitoring–Using SCOM to Detect Executables Run in Writeable OS Directories Part 1

I had the privilege of attending Microsoft Ready this last July. That allowed for some very useful networking. In this case, I got to speak a…
