Block standard C:\Users\%User%\AppData\Local\Microsoft\WindowsApps Path environment variable
Hello togehter, for security reasons I like to block (GPO?) / delete the standard Windows-path-enviroment variable: C:\Users\%User%\AppData\Local\Microsoft\WindowsApps First of all: Does it make sense to do this? I want to exclude a case that some user / unwanted software are copied here by attackers. Thanks a lot KevinAttack Simulation Training - external tag
I am testing the Attack Simulation Training. I noticed on the phishing email I received, that the "External" tag that Outlook assigns was missing. That would be a red flag for many people. Is there a way to make this more realistic and have the External tag? Attack Simulation Training
I cannot Send an email suddenly - Comes back as Undeliverable
My email was working fine, and then suddenly 5 minutes later this error started showing up when I tried sending another email: Please help!! I am also the admin of the group, but I don't know how to fix this as I am obviously not spam, and no one has blocked me. Delivery has failed to these recipients or groups: This message couldn't be delivered because the sending email address was not recognized as a valid sender. The most common reason for this error is that the email address is, or was, suspected of sending spam. Contact the organization's email admin for help and give them this error message.
New blog post | Detection Engineering in Azure & Introducing AzDetectSuite
Over the past few years of performing Azure security research, I have seen many new attack primitives & techniques discovered that an adversary could abuse within Azure & Azure Active Directory (AAD). When explaining a technique to a client, the challenge wasn’t explaining how something could be abused, the challenge was explaining how to detect it. Last year, I released theAzure Threat Research Matrix(ATRM), which highlighted the potential techniques an adversary could abuse within Azure & AzureAD. The immediate thought would be to give clients an idea of what potential abuse scenarios exist when they decide to use a certain resource or feature. However, it heavily lacked defensive content. I’ve always been a firm believer in that red team exists only to help blue team, so I’m now releasing my newest project:AzDetectSuite. AzDetectSuite is a project created to allow Azure users to establish a basic defense within Azure by giving pre-built KQL queries for each technique within ATRM that are deployable Alerts to Azure Monitor. Now, in ATRM, most (85%+) techniques will have a KQL query and a button that will deploy the query to their Azure subscription. Detection Engineering in Azure & Introducing AzDetectSuite - Microsoft Community Hub
Attack Simulator Reporting
Hi, I have a query about the reporting period for the phishing attack simulator? I would like the campaign to send out the emails over 2 day's, but wish the reporting period to be for 2 weeks. In the settings the default setting is 2 day's. Does this mean that the reporting will still be ongoing after the 2 days? If the answer is no, is it possible to change this setting on an ongoing simulator campaign? Many thanks,
Attack Simulation Training
I would like to ask about Attack Simulation Training. Which we want to try in our company. We want to send for start some phishing stuff. However, when I setup everything and email is sent. Then user who clicks on the URL in the phishing mail which is from MS Library, the pages are not loading and after a while connection is timed out. Is there some problem with Licenses or there must be set up something else? We don't have these sites in the block list. Thanks in advance
