Join us this episode as we welcome back fan favorite Nathan Swift. This is a demo-heavy episode, so catch the live video replay if you can. We dig into Microsoft Defender EASM, a budget-friendly tool with a long list of use cases, and walk through how the dnstwist domain-permutation engine generates look-alike domains (character omissions, transpositions, homoglyphs, bitsquats, TLD swaps and more) so you can spot typosquatting and phishing infrastructure before it is used against you. From loading those permutations into Microsoft Sentinel Watchlists to building out the integration with Azure Container Instances, Logic Apps, and Functions, we are here to keep your mind buzzing and your solutions thriving.
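To make the dnstwist idea concrete, here is a small domain-permutation engine written for these show notes. It is an added example, not code from dnstwist, from Nathan's Sentinel-DNSTwist-Solution, or from the episode demo: it mirrors dnstwist's fuzzer categories (omission, repetition, transposition, homoglyph, bitsquatting, hyphenation, subdomain, addition, TLD swap) with a deliberately tiny homoglyph table, and renders the results as the CSV shape a Sentinel Watchlist upload expects (a header row plus one row per item; you pick the `Domain` column as the SearchKey when creating the watchlist). The domain `contoso.com` and the column names are constructed for the example.

```python
"""Mini domain-permutation engine in the style of dnstwist (added example, not dnstwist's code)."""
from __future__ import annotations

import csv
import io

# Tiny homoglyph table; dnstwist ships a far larger one including Unicode confusables.
HOMOGLYPHS = {
    "a": ["4", "q"], "e": ["3"], "g": ["q", "9"], "i": ["1", "l"],
    "l": ["1", "i"], "m": ["rn", "nn"], "o": ["0"], "s": ["5"], "w": ["vv"],
}
# TLDs to swap in; extend to whatever your brand actually registers or cares about.
TLDS = ["com", "net", "org", "co", "io"]
LABEL_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789"


def permutations(domain: str) -> list[tuple[str, str]]:
    """Return (fuzzer, candidate_domain) pairs for look-alikes of `domain`.

    Everything left of the TLD is permuted; the first fuzzer to produce a
    candidate is the one recorded, so the output is de-duplicated.
    """
    domain = domain.lower().rstrip(".")
    name, _, tld = domain.rpartition(".")
    if not name:
        raise ValueError(f"expected a dotted domain, got {domain!r}")
    out: dict[str, str] = {}

    def add(fuzzer: str, candidate: str, new_tld: str = tld) -> None:
        # Reject candidates that are not valid DNS names (empty labels, leading/trailing hyphen).
        labels = candidate.split(".")
        if any(not lbl or lbl[0] == "-" or lbl[-1] == "-" for lbl in labels):
            return
        cand = f"{candidate}.{new_tld}"
        if cand != domain and cand not in out:
            out[cand] = fuzzer

    for i, ch in enumerate(name):
        add("omission", name[:i] + name[i + 1:])
        add("repetition", name[:i] + ch + name[i:])
        if i + 1 < len(name):
            add("transposition", name[:i] + name[i + 1] + ch + name[i + 2:])
        for glyph in HOMOGLYPHS.get(ch, []):
            add("homoglyph", name[:i] + glyph + name[i + 1:])
        # Bitsquatting: a single flipped bit in the byte the resolver saw (bits 0..6 of ASCII).
        for bit in range(7):
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            if flipped in LABEL_CHARS or flipped == "-":
                add("bitsquatting", name[:i] + flipped + name[i + 1:])
    for i in range(1, len(name)):
        add("hyphenation", name[:i] + "-" + name[i:])
        add("subdomain", name[:i] + "." + name[i:])
    for ch in LABEL_CHARS:
        add("addition", name + ch)
    for alt in TLDS:
        if alt != tld:
            add("tld-swap", name, alt)
    return [(fuzzer, cand) for cand, fuzzer in out.items()]


def watchlist_csv(domain: str) -> str:
    """Render permutations as a CSV suitable for a Sentinel Watchlist upload.

    Column names are this example's choice; select `Domain` as the SearchKey.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["Domain", "Fuzzer", "Monitored"])
    for fuzzer, cand in sorted(permutations(domain), key=lambda p: p[1]):
        writer.writerow([cand, fuzzer, domain])
    return buf.getvalue()


if __name__ == "__main__":
    print(watchlist_csv("contoso.com"))  # constructed example domain
```

Once the CSV is in a watchlist, a KQL join between `_GetWatchlist('typosquats')` and DNS or email logs on the `Domain` column turns the static permutation list into a detection, which is the same flow the episode automates with Container Instances, Logic Apps and Functions.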
Show Notes/Links
Nathan's GitHub profile: https://github.com/SwiftSolves-msft
Nathan's old GitHub profile: https://github.com/SwiftSolves
Sentinel DNSTwist Solution: https://github.com/swiftsolves-msft/Sentinel-DNSTwist-Solution
Just good old plain security stuff:
General:
Threat Intelligence:
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Azure Security:
Defender for Cloud:
Secure your AI application transformation with Microsoft Defender for Cloud-V
Manage cloud security posture with Microsoft Defender for Cloud -V
Sentinel News:
Microsoft Entra:
ADSS TSync vs Entra Cross-Tenant Sync: A Comprehensive Comparison
Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring
Exploring the Extensibility of Active Directory Migration Service (ADMS)
Tell us what you think: The Microsoft Entra blog team wants to hear from you!
New innovations in Microsoft Entra to strengthen AI security and identity protection
Insights from the Secure Employee Access report reveal the need for unified access security
M365 Defender | XDR - (MDO, MDE, MDI, MDCA):
Built-in report button is available in Microsoft Outlook across platforms
Defending Against OAuth-Based Attacks with Automatic Attack Disruption
Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series
Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails
Unveiling the Shadows: Extended Critical Asset Protection with MSEM
Level up your defense: protect against attacks using stale user accounts
Discover and protect Service Accounts with Microsoft Defender for Identity
Protect SaaS apps from OAuth threats with attack path, advanced hunting and more
Security Copilot:
Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries
Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond
Microsoft Purview:
APR 22 (8:00AM) Microsoft Purview | eDiscovery New User Experience and Retirement of Classic
Inheriting Sensitivity Labels from Shared Files to Teams Meetings
Microsoft Purview AMA - Data Security, Compliance, and Governance
Microsoft Security Learning:
Microsoft Security GitHubs:
Webinars and Stuff:
APR 23 (9:00AM) Microsoft Defender XDR | SaaS Security Exposure Reduction via the Exposure Management Platform
APR 24 (9:00AM) Microsoft Defender XDR | Secure Your Servers with Microsoft's Server Protection Solution
Notes, Tips and Tools:
Blue Team Handbook: https://amzn.to/4ir9lfG
dnstwist: https://github.com/elceef/dnstwist
domain name permutation engine: https://www.mankier.com/1/dnstwist
Crime mapper: https://mr-r3b00t.github.io/crime-mapper/experimental_mapper.html
Website mapping: https://addons.mozilla.org/en-US/firefox/addon/lightbeam-chik