Trust underpins securing identity - trust in MFA devices, your admins, ... A critical area is your certificate server -- if you can't trust those certs then your entire environment is at risk. Read more at https://t.co/askR6gugvb & use #MDI to protect your ADCS servers

Big news on the work front! Today is my last day at @Secureworks, and I’d like to thank you for the opportunity to work with such fantastic people to make the world safer! My journey continues in January with #Microsoft as a Principal Identity Security Researcher. I’ll be working

Noteworthy to see this cybercrime threat group pivoting across cloud and on-premises environments #ThreatIntelligence #cloudsecurity #Identity

... and a timely reminder that passwordless is now even easier - deploy policies to remove passwords from your users' Windows 11 experience https://t.co/apUA7pix9X

Credit to Alexander Sverdl from @atlant_security for reminding me of this sketch https://t.co/TInNbYevOY

A key question in identity-related investigations is WHAT did that user or service principal do? So super happy to see 🔥 Microsoft Graph activity logs now in public preview 🔥 #dfir #EntraID #MicrosoftSentinel https://t.co/pJvFY9oo0O

Security is a team sport - working together🤝to 🔥expose threat actors🔥and keep people safe online https://t.co/BonwSaif5Z

Identity surfaces across the kill chain -- eg initial access in phishing; and (to devastating effect) lateral movement using compromised user creds as ransomware actors spread across a victim environment. Read about MDE user containment & disruption:

Your new favorite podcast is here! The Microsoft Threat Intelligence Podcast has behind-the-scenes tales about uncovering attacks, threat actors, malware, exploits, etc. from researchers & analysts. Hosted by @sherrod_im. First 3 episodes are live!

Read more about #Zeek's open-source integration with Windows resulting in #MDE customer detection value! https://t.co/MNkK6aZPOW

Read how NetworkProtection and #threatintel combine to proactively block c2 connections #MDE #Ransomware https://t.co/RhCccDx27Y

🌘Dark mode 🌒 process explorer - just in time for Halloween:)👻

Read how Raspberry Robin malware fits into the wider cybercriminal ecosystem, & how turning on attack surface reduction rules, enabling tamper protection, and a range of #MDE alerts can help defend against these attacks. #Microsoft365Defender https://t.co/rwrh9dmSOj

Now you can see that the same user being flagged for #AzureAD unfamiliar sign-in had just clicked a suspicious URL (#MDE #EDR) - all from within the #Microsoft365Defender portal :) https://t.co/y8rTRAqf0b

🧵We are excited to share that @Zeekurity is now a component of @Microsoft @Windows ! An incredible development that truly establishes Zeek as the de facto standard for #networkevidence: https://t.co/jM8b0AZ8d3 1/4

Microsoft Defender for Identity can monitor ADFS signals -- or put differently the crossover point between on-premises & cloud identity, repeatedly targeted by NOBELIUM to pivot from on-premises to cloud -- read how to use #MDI to detect such threats

Expose hidden corners of your network through device discovery 🔥now augmented with signal from Microsoft Defender for Identity🔥 https://t.co/Y1BmPuFllp #MDE #MDI #MicrosoftDefender

Microsoft Detection and Response Team (DART) was engaged to lead the investigation on destructive cyberattacks launched against the Albanian government in mid-July. We assess that the attack was launched by an Iranian state-sponsored actor. Full report:

"The cold, cruel war is raging wildly but I will sow seeds of peace again and again. Garden of hope I foresee and spring is always lovely." -- Bhuwan Thapaliya

Here are the technical details from @MsftSecIntel on the destructive (faux-ransomware) malware targeting multiple organizations in Ukraine https://t.co/pQJiKgkEW5