𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴

884 posts

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴

@KoosGoossens

Microsoft Security MVP | Photographer | Watch nerd | Pinball enthusiast | BBQ Grillmaster

The Netherlands Katılım Temmuz 2010

155 Takip Edilen293 Takipçiler

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴@KoosGoossens·13 Oca

@yellowhat_live Lets go!!!

English

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Jan Bakker@janbakker_·12 Şub

I usually don't drink on weekdays, but hear me out: Over the weekend, I thought about a common conditional access misconfiguration I often see in the wild. I decided to write a blog post about it, but that got me thinking: Is that the best way to reach as many tenant admins as possible? That gave me the following idea: What if I write a 🔥Maester test for it? Now, as a non-developer, that might be out of your comfort zone, but with the help of @merill and @Thomas_Live, I quickly got this new test added to the existing repository, ready to hit hundreds or thousands of tenants. Dare to (th)(dr)ink different. 🔥 📖 [Blogpost] janbakker.tech/conditional-ac… 🚀 [Contribute to Maester] maester.dev/docs/contribut…

English

5.3K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Experts Live Denmark@ExpertsLiveDK·31 Oca

✨ Session Announcement: Build your security data lake with Microsoft Sentinel & Data Explorer; a match made in Azure! ☁️🔐✨ 🎤 Get ready for a VIP experience with the legendary @KoosGoossens, Microsoft Security MVP & Cloud Wizard @ Wortell! He's spilling the tea on turbo-charged, budget-friendly log storage tricks that'll have your data spinning into the future. 🗓️ March 5, 2025 - mark your calendars for an epic showdown of code and Hollywood glamour at VUE! 🎥💫 🎟️ VIPs, let's light up the cloud! 💥🚀 Tickets are flying - catch yours now and join the hype! 🎉👇 conference.expertslive.dk #ELDK2025 #ExpertsLiveDK #Microsoft #Community #Security #Azure #AI #ModernWorkplace #Intune #DevOps #Automation #M365 #PowerPlatform #Data #Purview #Development #OpenAI #Copilot #AVD #W365 #Identity #Entra ELDK2025 Organizers: Morten Knudsen (@knudsenmortendk) Thomas Poppelgaard (@_POPPELGAARD) Martin Byskov (@ByzzByskov) Henrik Wojcik (@henrikwojcik) Heine Madsen (@HeineKoldbro) Kent Agerlund (@agerlund)

English

160

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Elli Shlomo@ellishlomo·31 Oca

Investigating Microsoft 365? The Unified Audit Log (UAL) is your go-to for tracking user and admin activities. Learn how to leverage it for security insights and compliance. 🔍 Read more: cyberdom.blog/microsoft-365-…

English

106

5.7K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Matt Zorich@reprise_99·26 Oca

@HEXiT___ I put some notes here that hopefully explain it - github.com/reprise99/4688…

English

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Matt Zorich@reprise_99·24 Oca

One of our very smart Active Directory experts has been putting together a series of blog posts about hardening AD. Already into its 7th installment, it covers SMB hardening, disabling NTLMv1, least privilege and more. Check the series out - techcommunity.microsoft.com/tag/adhardening

English

255

882

50.6K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Matt Zorich@reprise_99·13 Oca

Great reminder for anyone wanting to enrich their Kusto queries with additional information. If you are after enrichment such as geo info for IPs, ASN lookup info, tor exit node data and more, then have a look below. The KQL is already written for you - firewalliplists.gypthecat.com/kusto-tables/

Aura@SecurityAura

A special thanks to @reprise_99 who showed me @gypthecatdotcom and it's Kusto ASN Table lists and references! Definitely something everyone should be aware of and start using in their queries for enrichment and additional filtering opportunities! firewalliplists.gypthecat.com/kusto-tables/

English

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Fabian Bader@fabian_bader·6 Oca

A new dedicated resource application to enable Active Directory to Microsoft Entra ID sync using Microsoft Entra Connect Sync or Cloud Sync is coming 😱 In the announcement the mentioned reason is "upcoming security hardening"... 6bf85cfa-ac8a-4be5-b5de-425a0d0dc016 #EntraID

English

166

14.5K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Chris Goosen@chrisgoosen·11 Ara

everyday df3ndr episode 01x01 is out now! df3ndr.io/episodes/2024/… /cc @KoosGoossens

English

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Chris Goosen@chrisgoosen·2 Ara

@KoosGoossens and I have been working on this for a few months now and while he is away at ESPC24 in Stockholm this week, I thought I'd share this intro - df3ndr.io/episodes/2024/… Join us for the first of many episodes, coming soon to your favorite podcast player.

English

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Bert-Jan 🛡️@BertJanCyber·4 Kas

For all #KQL fans, I had this list of community repos lying around, the list now consists of 33 repos for you to investigate. Happy hunting! 🏹 Feel free to send a PR if you miss repos! :) github.com/Bert-JanP/Hunt…

English

262

16K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Jan Bakker@janbakker_·17 Eyl

New blogpost! Learn how to register Yubikeys on behalf of your users! janbakker.tech/register-yubik…

English

288

24.3K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Chris Goosen@chrisgoosen·16 Eyl

The latest @TheCloudArch episode is now live - thanks to @KoosGoossens @jeroenniesen @maarten_goet for being our guests (and cooking dinner!) - Episode 92: Dutch! (thearchitects.cloud)

English

322

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Experts Live Europe@ExpertsLiveEU·8 Eyl

Who doesn't want to learn about #security? 😃 Come to #ExpertsLiveEU to hear from @KoosGoossens and learn how to build your security data lake with #MicrosoftSentitel & #DataExplorer: a match made in #Azure. 📅 Sept 24-25 Main Conference 📌 Budapest, Hungary 🔗 expertslive.eu

English

249

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

James@JamesAgombar·6 Eyl

Wrote a new blog on how to set up Microsoft Defender for External Attack Surface Management. Hope it’s of use to someone out there. security-ninja.com/post/configuri…

English

3.6K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴@KoosGoossens·2 Eyl

@nickchapsas I had the exact same issue! The requirements are incorrect. 15 characters max. #thecakeisalie 😉

English

114

Nick Chapsas@nickchapsas·2 Eyl

Must be in Ancient Greek Must have 2 emojis Must be a palindrome Must be created after the sacrifice of a sacred deer Must

English

164

20.7K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴@KoosGoossens·20 Ağu

@mikecybersec @fabian_bader Because we cannot trigger Functions from Sentinel automation. And triggering a Function from a Logic Apps, and bringing back the response to that Logic App is even more ugly. 🙄

English

mikecybersec@mikecybersec·20 Ağu

@fabian_bader Why not just use functions?

English

164

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Fabian Bader@fabian_bader·19 Ağu

Run PowerShell in a Logic Apps That's a game changer and will make it possible to use logic apps even for more complex tasks techcommunity.microsoft.com/t5/azure-integ…

English

162

39.7K

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴@KoosGoossens·20 Ağu

@fabian_bader @olafhartong That’s easy. Deploy Logic Apps from code and make sure nobody had write access to the Logic Apps. Perhaps a good idea for all resource types capable of using Managed Identites. Oh; and don’t assign owner to those identities. 🤪

English

Fabian Bader@fabian_bader·19 Ağu

@olafhartong And think about the new "attack vectors" when you have a managed identity and a script nobody is monitoring ...

English

582

𝘒𝘰𝘰𝘴 𝘎𝘰𝘰𝘴𝘴𝘦𝘯𝘴 retweetledi

Maarten Goet 🥷🏻@maarten_goet·9 Ağu

RansomCow 🐄

Hackmanac@H4ckmanac

A #Ransomware Attack Killed a Cow and Her Calf. In the Swiss canton of Zug, a ransomware attack on a farmer's computer systems, including a milking robot, resulted in the death of a cow and her calf. The cybercriminals demanded 10,000 Swiss Francs ($10,800) for decryption, but the farmer chose not to pay. Although the milking robot continued functioning without the network connection, the farmer could not access vital data, leading to the delayed detection of the cow's distress. The monetary damage, excluding the ransom, amounted to over €6,400. Read more: heise.de/en/news/Switze… #CyberAttack #CyberSecurity #Hack

Indonesia

456

Keşfet

@yellowhat_live @merill @Thomas_Live @knudsenmortendk @_POPPELGAARD @ByzzByskov @henrikwojcik @HeineKoldbro