Bypassing Defender EDR using Windows Firewall - mitigations

Attackers can use Windows Firewall to block EDR telemetry leaving the endpoint. Read on for how this is mitigated. ...

May 31, 2023 · 3 min · GD

Access api.securitycenter.microsoft.com interactively with PowerShell

This post is an introduction to accessing the Defender Security Center API in PowerShell using interactive authentication. It is the basis for building tools and scripts to enhance day-to-day productivity that I’ll explore in future posts. ...

May 24, 2023 · 4 min · GD

Audit Installed VSCode Extensions with PowerShell

The recent incident of malicious extensions in the Visual Studio Code Marketplace got me thinking about how to audit extensions across a large estate. This post includes a script to get installed extensions on a local or remote computer. ...

May 19, 2023 · 2 min · GD

Purview Information Protection Deep Dive Pt3 - Recommendations and Limitations

Part three of a deep dive series on Purview Sensitivity Labels: Part 1 - Manual Labelling; Part 2 - Automatic Labelling; Part 3 - Recommendations and Limitations ...

April 26, 2023 · 7 min · GD

Purview Information Protection Deep Dive Pt2 - Automatic Labelling

Part two of a deep dive series on Purview Sensitivity Labels: Part 1 - Manual Labelling; Part 2 - Automatic Labelling; Part 3 - Recommendations and Limitations ...

April 25, 2023 · 9 min · GD