So this whole idea started because I’ve had all my IoT devices on a separate router for a while in order to keep it “to itself”. While doing some research for the lab config I was considering buying a new router that would allow me to play a bit with VLANs...
Lab - Setting up Hyper-V host
Getting started on my local lab
Mostly just notes for myself on configuration and troubleshooting when setting up Hyper-V for my homelab. You can find more details about hardware and other stuff like diagrams in the link above.
Defender for Endpoint - Custom Data Collection Rules
Expand the logging capability of the DFE agent using custom rules
A bit of background on this feature might be needed - and a lot of credit has to be given to Olaf Hartong and FalconForce for this. Through a (now 6) part blog series on MDE internals they outlined some limitations in the MDE agent. I suggest starting at post...
Practical Detection Engineering
A look at detection engineering from inception to completion
The concept of this blog post is quite simple - we will start with an imaginary company that has identified some threats to their storage accounts and follow the process of detection engineering. The field of detection engineering is in itself quite big and complex, so I will resort to some...
Microsoft Defender XDR - Take action on advanced hunting results
The level below automation and above manual actions per asset
So this is mostly a self-reference post about the action button in Defender XDR when you select rows returned from an advanced hunting query. I’ve used it in the past, but not really thought about it. I did some light digging and based on this article it’s most likely...