Tag: Featured


  • Simulating Defender Tampering & Monitoring It in Microsoft XDR (Sentinel + Defender)

    Dear Reader, Recently, I’ve observed a noticeable increase in attempts to disable or bypass Windows Defender components — particularly via scripts or misused administrative tools like reg.exe, sc.exe, or even Set-MpPreference. These attempts often target features like: The good news? Microsoft Defender for Endpoint (part of the Microsoft XDR suite) does a great job detecting…

  • Microsoft Security Tools: A Complete Overview

  • How to Streamline Your Cybersecurity Strategy

  • Auditing Privileged Group Membership with Event ID 4728

    In my latest test setup, I focused on capturing and validating Windows Security Event ID 4728, which logs whenever a user is added to a security-enabled global group—a critical action for monitoring privilege escalation. I started by configuring a custom Data Collection Rule (DCR) via Azure Monitor Agent (AMA) to stream only high-value security events…