Tag: incident response

  • Investigating initial access in compromised email accounts using Microsoft 365 Defender

    Introduction: Fortra recently released a report indicating that business email compromise (BEC) attacks are at their zenith. Why not? As ENISA mentions in its 2022 Threat Landscape Report, financially motivated threat actors find it far easier to perform a Man-in-the-Middle (MitM) attack through an account takeover than to prepare and conduct sophisticated malware attacks…

  • Remotely restart endpoints using MDE live response

    If you haven’t familiarized yourself with Microsoft Defender for Endpoint live response, this is a simple exercise: perform a live response session using the scripts library, storing a simple and straightforward PowerShell script that restarts the endpoint, something that is not available through the Microsoft 365 Defender portal. What is live response? Live response…