cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Security Experts Blog
Options
5,882

Strategies to monitor and prevent vulnerable driver attacks

stefanpuzderca on Apr 09 2024 08:41 AM
Delve into the intricate details of vulnerable driver attacks, and discover effective strategies to prevent them
6,859

Follow the Breadcrumbs with Microsoft IR & MDI: Working Together to Fight Identity-based Attacks

DenizSezer on Mar 21 2024 09:00 AM
Learn how Microsoft Incident Response uses Microsoft Defender for Identity (MDI) against identity-based attacks.
5,442

Welcome to the Microsoft Defender Experts Ninja Hub

Elisa_Lippincott on Feb 20 2024 07:20 AM
Bookmark this page for document guides, videos, and other resources focused on Defender Experts services.
17.2K

Hunting for QR Code AiTM Phishing and User Compromise

krithikar on Feb 12 2024 05:00 AM
Dig into the mechanics of QR code phishing, how the Defender Experts team hunts for these campaigns, and the mitigations...
15.8K

Defender Experts’ recommendations for impactful security posture management

PhoebeRogers on Jan 25 2024 05:23 PM
Improve your security posture with impactful controls and configurations recommended by Defender Experts.
2,195

Test your configurations and experience Defender Experts Notifications early

ashutoshmaheshwari on Jan 18 2024 07:38 PM
Our new sample Defender Experts Notifications feature lets you test configurations and see what to expect when you get a...
7,773

Experience Defender Experts above the fold

DillonPersaud on Jan 10 2024 05:42 PM
Get more visibility into what our Defender Experts are doing on your behalf with a new homepage experience and enhanced ...
16.5K

Security Analyst Profile: Arlette Umuhire Sangwa

JoeCicero on Jan 03 2024 11:04 AM
"It's not just about protecting data - it's about safeguarding the very services and institutions that are crucial for o...
17.7K

Security Analyst Profile: Amanda Cantero Schilling

JoeCicero on Dec 14 2023 07:00 AM
"Securing the digital frontier is not just about stopping cyber threats; it's about understanding the ever-evolving land...
7,814

The Microsoft Security Experts Discussion Space: Your Gateway to Knowledge Sharing

Raae_ on Dec 05 2023 06:59 AM
We're excited to spotlight our Microsoft Security Experts Discussion Space—a dedicated community designed for cybersecur...
9,374

What’s new in Microsoft Defender Experts for XDR

Elisa_Lippincott on Nov 15 2023 08:10 AM
We've been busy! Learn more about the latest enhancements to the Defender Experts for XDR service.
18.4K

Service Delivery Manager Profile: Meiko Lopez

JoeCicero on Nov 13 2023 08:00 AM
"Be steadfast in the truth - providing comfort and assurance to the customers that you will help them to a resolution."
10.7K

Service Delivery Manager Profile: Sachin Kumar

JoeCicero on Nov 06 2023 08:06 AM
“As an SDM, I am committed to walking this path of security alongside our Defender Experts for XDR customers.”
2,920

Catch Defender Experts for XDR on the Ninja Show

Elisa_Lippincott on Sep 21 2023 01:30 PM
Join us on September 25, 2023 at 9:00am PT or watch later on-demand
22K

A day in the life of a Defender Experts for XDR analyst

PhoebeRogers on Sep 19 2023 02:58 PM
See how Defender Experts help keep Microsoft customers secure every day.
8,537

The Vital Role of a Service Delivery Manager: Your Defender Experts for XDR Trusted Advisor

JoeCicero on Sep 13 2023 04:12 PM
This blog explores examples of how service delivery managers enhance your Defender Experts for XDR journey.
5,433

Get incident updates from Defender Experts for XDR in the SOC tools you use

Vivek Kumar on Sep 05 2023 01:12 PM
Learn how you can get incident updates from Microsoft Defender Experts for XDR in the SOC tools you already use.
7,711

Defender Experts Chronicles: A Deep Dive into Storm-0867

Kirtar on Aug 28 2023 10:04 AM
In this blog, our Defender Experts take a deeper look at the threat actor Storm-0867.
15.3K

Strategies for securing identities in Azure Active Directory with Sean Metcalf

BrookeLynnWeenig on Jun 14 2023 10:09 AM
Trimarc Founder and Chief Technology Officer Sean Metcalf talks about Active Directory & Azure AD security and strategie...
4,335

Visit Microsoft Security Experts at the RSA Conference 2023

Elisa_Lippincott on Apr 18 2023 01:49 PM
We’ll be in San Francisco starting Sunday, April 23, 2023. Get the details here.
23.5K

Fuzzy hashing logs to find malicious activity

Steve_Versteeg on Apr 05 2023 06:54 AM
Microsoft Incident ResponseDuring incident response, the investigators aims to find all traces of threat actor activity ...
4,406

Catch Defender Experts for Hunting on the Ninja Show

Elisa_Lippincott on Mar 14 2023 04:33 PM
Join us on March 16, 2023 at 9:00am PT or watch later on-demand  
20.6K

Good UAL Hunting

EmilyParrish on Jan 18 2023 09:31 AM
In this blog post, we will be taking a deeper dive into the Office 365 Unified Audit Log (UAL).
5,869

NEW SERIES: Security Experts Roundtable coming January 25, 2023

BrookeLynnWeenig on Dec 19 2022 12:01 PM
Introducing our newest webinar series within Microsoft Security.  
4,497

​​How to Set Security Budget and Controls to Identify Threats Faster

BrookeLynnWeenig on Dec 08 2022 09:00 AM
​​Lauren Podber offers recommendations for how organizations can build security controls and budgets.
14.2K

Microsoft Defender Experts for XDR now in preview

Elisa_Lippincott on Nov 22 2022 08:22 AM
We are excited to announce that Microsoft Defender Experts for XDR is now officially in preview. We are excited to annou...
8,395

Using Microsoft Security APIs for Incident Response - Part 2

TroyLainhoff on Nov 01 2022 09:00 AM
This blog is part two of a three-part series focused on facilitating programmatic data pulls from Microsoft APIs.
64.4K

Forensic artifacts in Office 365 and where to find them

EmilyParrish on Sep 26 2022 09:26 AM
In this article, we aim to provide some explanations and tips for investigators to use to be able to easily understand i...

Latest Comments

deepakray4623
in Strategies to monitor and prevent vulnerable driver attacks on Apr 15 2024 03:27 AM
This KQL query for "MDE Advanced Hunting query for known vulnerable drivers using the community and Microsoft lists" is throwing errors Tried executing the function "indicatorsFromMsft" separately to get the list of vulnerable drivers but still error.
0 Likes
HotCakeX
in Strategies to monitor and prevent vulnerable driver attacks on Apr 10 2024 08:29 AM
@acmartin635 WHQL is not a security certificate, nor does it guarantee more security than non-WHQL certified drivers. This is the official explanation: Driver packages that pass Windows Hardware Lab Kit (HLK) testing can be digitally-signed by WHQL. It's just a Windows compatibility certification. A...
0 Likes
acmartin635
in Strategies to monitor and prevent vulnerable driver attacks on Apr 10 2024 06:29 AM
This is only 1/2 of the problem. While adding "detections" around the exploitation of vulnerable drivers to prevent malicious attacks (think Ransomware/Trojan/C2/etc), what is not addressed here is the INTENTIONAL use of vuln. drivers to circumvent security within the system.One of the main uses for...
0 Likes
HotCakeX
in Strategies to monitor and prevent vulnerable driver attacks on Apr 09 2024 01:34 PM
Hi, great blog post! I have an article that shifts the defense from blacklisting to whitelisting for more secure outcome https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection I also provide tooling and automation for it https://github.com/HotCakeX...
0 Likes
AlbeTonyD22
in Follow the Breadcrumbs with Microsoft IR & MDI: Working Together to Fight Identity-based Attacks on Mar 26 2024 03:34 AM
Very helpful and thank you for including the KQL queries.
1 Likes