Tweets are personal

Joined January 2011
Dimitrios Margaritis retweeted
I recommend reading this thread as it gives some great insight and stories into incidents. #DFIR Also, the current top comment on there is freaking incredible! reddit.com/r/sysadmin/commen…
Implementing ASR rules using Defender telemetry is not as difficult as it was in the past. But it takes time... Interesting article blog.palantir.com/microsoft-…
Lately a third mode, Warn, was added, which is useful while moving from audit to block.
Dimitrios Margaritis retweeted
13 Sep 2022
Tiered Administration is among the strongest security controls that exist. But the vast majority of organizations do not use it. Here is how you can get started using Tiered Administration TODAY in your #Azure environments: 🧵
Dimitrios Margaritis retweeted
3 Aug 2022
Today I'm happy to announce my newest and most ambitious project - the Azure Threat Research Matrix (ATRM). A similar look to MITRE ATT&CK Enterprise, but the ATRM will cover AzureAD and Azure resource TTPs. Official blog post: techcommunity.microsoft.com/… (1/2)
Dimitrios Margaritis retweeted
Investigated the tool and its detections during our previous collaborative research months back. As it seems, it is actively exploited for malicious purposes by high-profile actors as well. Very nice outline by the @Unit42_Intel team ;). unit42.paloaltonetworks.com/…
I suppose that blocking ISO in Windows helps malicious.link/post/2022/blo… Delivery of .lnk in similar archives like rar, zip is a very old technique. EDRs should alert if not block such behavior. Does #MicrosoftDefender / #MicrosoftSentinel prevent/detect this? @MSFTSecurity @MsftSecIntel
3 Jul 2022
Fake invoice delivering #icedid via #iso as an attachment. Sample > tria.ge/220630-yahtesbhc5/be… @malwrhunterteam @TheDFIRReport @vxunderground @CuratedIntel trying out new infection flow
Dimitrios Margaritis retweeted
91 DaysToGo – If you use an MDM/MAM solution, use it to deploy new profiles. Here’s how to use Intune to set the auth mechanism for iPhone and iPad. If you don’t have an MDM, simply remove and re-add the account from the device and it should automatically switch to Modern Auth.
Why Zero Trust architecture will disrupt the cybersecurity industry, the same way Netflix disrupted Blockbuster itwire.com/guest-articles/gu… Each organization needs to find its own way to 0trust, and certainly there is NO magic product to buy and forget the cybersecurity issues.

MUST for Azure MFA: 1) For user awareness, edit the company branding page to write an awareness message 2) use number matching in multifactor authentication (MFA) notifications docs.microsoft.com/en-us/azu…
More information security for EU Institutions and Agencies ec.europa.eu/info/about-euro…
Dimitrios Margaritis retweeted
22 Mar 2022
Today, the @EU_Commission made a proposal for a Regulation on cybersecurity at the EU institutions, bodies and agencies. The objectives: 1) Increase the level of cybersecurity at these organisations; 2) Reinforce the mandate and funding of @CERTEU 💻🔐🤝 ec.europa.eu/info/publicatio…
Dimitrios Margaritis retweeted
So, anybody care to share their favorite resources on #SOC metrics? I am doing a post related to this and wanted to drop a list of everybody's fave links on measuring SOC performance (yes, including mine too) #request
Defender ATP for endpoint generates many false positives for Powemotet infections
Dimitrios Margaritis retweeted
PetitPotam is another example of the world outside processes, PowerShell, DLLs. For almost 5 yrs I have been recommending to monitor ADCS logs, specifically Channel: Security, EventID: 4887. Detections like this aren't as clear cut, but are just as useful & cover entire other attack paths.
25 Mar 2017
Windows Event Logs Zero 2 Hero: find bad; PowerShell, WMI, AD backdoors & more youtu.be/H3t_kHQG1Js?t=1m39s
Dimitrios Margaritis retweeted
5 months ago @tifkin_ and I started looking into the security of Active Directory Certificate Services. Today we're releasing the results of that research: a blog post posts.specterops.io/certifie…, a 140-page whitepaper and a defensive audit tool (links at the top of the post) [1/6]