Tag: mitre att&ck

  • Operationalizing MITRE ATT&CK with Microsoft Security (Part 2)

    It has been some time since Part 1 of this blog was posted; you may find it here. The first part focused mainly on the benefits and on how to operationalize MITRE ATT&CK in Microsoft Defender XDR, while this blog will focus on Microsoft Sentinel. Table of contents Part 2: Microsoft Sentinel Analytics The first, and…

  • Five (plus one) notable cyber attacks in Greece during 2023

    Advanced Persistent Threats (APTs), cybercriminals and hacktivists conducted a plethora of cyber attacks, including ransomware and DDoS attacks, shaping an interesting threat landscape for Greece throughout 2023. As was done for 2022, below you will find a report of five (plus one this year!) notable cyber attacks in Greece, with information derived from publicly accessible reports…

  • Detecting RMM tools using Microsoft Defender for Endpoint

    Introduction It’s no secret that Remote Monitoring and Management (RMM) software is being used by Threat Actors (TAs) for lateral movement and to establish command and control (C2). The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) highlighting the…

  • The absolute beginner’s guide for hunting with KQL

    Building queries for Microsoft 365 Defender or Microsoft Sentinel can be challenging, especially when complex requirements force you to navigate mazelike table data. Be that as it may, it is important to keep a set of simple queries handy that can be used immediately whenever threat hunting or detection is required. As…

  • Operationalizing MITRE ATT&CK with Microsoft Security (Part 1)

    The MITRE ATT&CK framework has emerged as a cornerstone of modern cybersecurity, empowering organizations to navigate the complex world of cyber attacks with greater clarity and effectiveness. The ATT&CK matrix provides a comprehensive knowledge base of adversary tactics, techniques, and procedures (TTPs) that enable security teams to better understand, detect, and respond to sophisticated threats.…