reporting experience
6 Topics

EDR logs explanation
Hello, would it be possible for an expert from this forum to analyze the EDR logs? Could you also explain to me in detail what happened? Furthermore, can you tell me if it is clearly established that the deleted files were deleted by someone physically present on the machine, or if there are other possible explanations? Thanks in advance.

51 Views 0 likes 0 Comments

My laptop has been blocked by BitLocker.
However, there are no BitLocker recovery keys on my Microsoft account. I have tried to call Microsoft support, but I only get bot messages that take me to sites that ask me to go and check my Microsoft account. Is there any way I can chat with a human that can actually help me with how to get around this BitLocker? Thanks

139 Views 0 likes 1 Comment

Executive reporting for Attack Simulation Training
Good day,

My organization has decided to use Microsoft Attack Simulation Training to train our userbase to resist phishing and social engineering attacks. I am experiencing a few challenges:

1. Reporting is not very friendly. Short of using spreadsheets to track and manage user compliance, what are the best native methods for tracking?
2. An analyst prior to me had run a few haphazard simulations. Is there a way to exclude those tests from my reporting? Is it possible to delete old simulations?
3. To be considered a failure, the user must go all the way to supplying credentials. I believe that if the user does anything beyond reading and/or reporting the message, they should be considered failing the test. Is there a way to adjust the failure point in Attack Simulation?
4. For repeat offenders, is there a way to split the simulations to see what simulations were failed?

I have used other vendors' phishing simulators. The reporting and campaign design are much better in the other solutions. Hopefully Microsoft can make vast improvements to their solution. Any and all help is greatly appreciated.

Thanks,
Chris O.

multiple Login tries from different places
Hi, for a long time I've been facing a really threatening issue of SOMEONE trying to log in to my account. My sign-in history shows that about every 2 hours a new guy from a new place is trying to log into my account but is unable to do it coz of a wrong password. Now this is really scary coz in a way someone just keeps on trying to use different passwords until he gets the right one. I don't know what to do right now other than just waiting until he logs in and then logging out from there. Otherwise, I have used almost every kind of security measure, like using an authenticator app and two-step verification. If anyone knows anything that I can do right now to stop this, then please help.

266 Views 0 likes 0 Comments

AZURE, ONEDRIVE and OUTLOOK hacked with AUTOMATOR.APP
Hi,

Today, I was setting up my Azure dashboard and it just changed. It suddenly turned into a fake dashboard. The OneDrive and Outlook, he sent tasks, and corrupted a lot of files, and deleted a bunch of them, the email also all that was related to him got corrupted (the files became a deformed image). It's a hacker who has been harassing me. But he is escalating. He is even on the Krebsonsecurity blog, 2013, among 33 hackers who took down the internet. So I was investigating it, and figured out how he is doing it. He uses Automator.app (macOS), creating several tasks and sent tasks through calendar. It removes attachments from email (and replaces them with just a pic of it, distorted). Deletes some emails, moves others to another folder, and who knows what else. This is a MAJOR THREAT. Does anyone have any suggestions on how to fix it?

THE SEQUENCE

This action attaches files to a Mail message.
REQUIRES: The Mail application must be running and there must be an outgoing message.
INPUT: (Files/Folders) The files to be attached are passed in from the previous action.
RESULT: Mail messages

This action tells the Mail viewer window to focus on the passed in mailboxes and/or messages.
INPUT: Mail messages, Mail mailboxes.
RESULT: Mail messages

This action determines if the input items meet the specified criteria.
INPUT: Mail messages, Mail mailboxes, Mail accounts
RESULT: Mail messages, Mail mailboxes, Mail accounts

This action lets you search for items with the specified criteria.
INPUT: Mail messages, Mail mailboxes, Mail accounts
RESULT: Mail messages, Mail mailboxes, Mail accounts

This action extracts files attached to mail messages and saves them to the selected location.
INPUT: Mail messages
RESULT: (Files/Folders) Attached files are passed to the next action

This action will launch the Mail application and attempt to retrieve new mail messages for the specified account or all accounts.
INPUT: Anything
RESULT: Anything

This action gets the selected items and passes them to the following action.
INPUT: Mail messages, Mail mailboxes, Mail accounts
RESULT: Mail messages, Mail mailboxes, Mail accounts

This action passes the specified Mail items into the next action.
INPUT: Mail items
RESULT: Mail Items

This action creates a copy of the prepared Mail message for each of the passed in people.
REQUIRES: An outgoing message open in Mail prepared with subject, content and any attachments
INPUT: Contacts items, Contacts people, Contacts groups
RESULT: Mail messages
RELATED ACTION: Send Outgoing Messages
NOTE: The message copies are not sent by this action.

This action creates a new outgoing message in Mail.
INPUT: (Anything) If text is received from a previous action, the text is appended to the message. If files are received from a previous action, the files are attached to the message.
RESULT: Mail messages
RELATED ACTION: Send Outgoing Messages

This action creates a new Reminders item. If given input, it will use the input as the titles of the reminders.
INPUT: Text
RESULT: Reminders

This action sends an email with a birthday greeting.
INPUT: Contacts people
RESULT: Mail messages
RELATED ACTION: Find People with Birthdays, Send Outgoing Messages

This action sends the outgoing email messages in the Mail application.
INPUT: Mail messages
RESULT: Mail messages
NOTE: If outgoing messages are passed from the previous action, only they will be sent. If no messages are passed in, all outgoing messages will be sent.

Thanx
GW

502 Views 0 likes 0 Comments

Security Experts... Please advise the necessary people
I'm exploring this forum as a last resort, having exhausted all other options. My story involves a serious flaw in Microsoft's security framework, which has devastatingly impacted my once-thriving business. As a small yet vital enterprise of 15 employees, functioning as an MSP and Microsoft Silver Partner, I faced an unforeseen betrayal. During my absence for spinal surgery, a rogue Microsoft CSP Direct Partner, who was only supposed to manage my business temporarily, exploited their Microsoft affiliation. Utilizing social engineering and their insider status, they illegitimately transferred my company's goodwill and assets to themselves. This included the theft of two decades' worth of private data. The gravity of their deception extends beyond my business; they now control my client base, mainly consisting of solicitors and accountants. Despite clear evidence of their phishing and scamming activities, Microsoft has remained passive, allowing the situation to deteriorate. The suppliers, duped by fraudulent documents, are now realizing their mistake but continue to deny my rights to my own business. This inaction, shared by both Microsoft and the suppliers, leaves me entangled in debt and potential litigation. Interestingly, I am still aware of the physical whereabouts of these scammers. Moreover, I possess pages and pages of IOCs that further substantiate their illicit activities. If Microsoft genuinely engaged with this issue and worked collaboratively towards a resolution, perhaps we could transform this into a tale of rectification and justice. But, having pursued every possible channel without success, I am compelled to raise awareness on public forums. With nothing left to lose, I am calling for attention to this matter. Should you be able to assist, or know someone who can, please reach out. My contact details are linked to my forum ID, and Microsoft can easily access my tenant and phone information.

Regards,
bozzaman

863 Views 0 likes 2 Comments