Remember the good βol days of Zip drives, Winamp, the advent of βOffice 365,β and copy machines that didnβt understand email authentication? Okay, maybe they werenβt so good! For a [β¦]
The post Stop Spoofing Yourself! Disabling M365 Direct Send appeared first on Black Hills Information Security, Inc..
Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery Letβs face it, some cases are just more interesting than others and, when you do incident response for [β¦]
The post OSINT for Incident Response (Part 2) appeared first on Black Hills Information Security, Inc..
Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are [β¦]
The post OSINT for Incident Response (Part 1) appeared first on Black Hills Information Security, Inc..
Patterson Cake // PART 1 PART 2 In part one of βWrangling the M365 UAL,β we talked about acquiring, parsing, and querying UAL data using PowerShell and SOF-ELK. In part [β¦]
The post Wrangling the M365 UAL with SOF-ELK and CSV Data (Part 3 of 3) appeared first on Black Hills Information Security, Inc..
Patterson Cake // In PART 1 of βWrangling the M365 UAL,β we talked about the value of the Unified Audit Log (UAL), some of the challenges associated with acquisition, parsing, [β¦]
The post Wrangling the M365 UAL with SOF-ELK on EC2 (Part 2 of 3) appeared first on Black Hills Information Security, Inc..
Patterson Cake // When it comes to M365 audit and investigation, the βUnified Audit Logβ (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend [β¦]
The post Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3) appeared first on Black Hills Information Security, Inc..
Login