We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
SAINTCON 2023 - Matt Durrin - The Need For Speed
Microsoft authentication and logging essentials: Identifying high-impact activity, prioritizing investigation and protecting user data through encryption, multifactor authentication, and log analysis.
- Microsoft’s authentication and audit logging can provide valuable information for investigations, but there are limitations, such as lack of visibility into email account activities.
- OWA can be a significant indicator of compromise, especially if an account is compromised through OAuth2 authorization.
- Using MD5 or other weak hashing algorithms can lead to identity theft and other issues.
- Biometric authentication and other advanced authentication methods can be effective against attackers.
- Centralizing data collection and using log analysis tools like Sentinel can improve incident response and detection.
- Monitoring for suspicious activities, such as repeated login attempts or unusual user behavior, can help detect potential security breaches.
- Encrypting drives and password protecting logs can help protect sensitive information.
- Using search filters and sentiment analysis can help identify high-impact activities and prioritize investigation efforts.
- Conducting thorough investigations, including reviewing audit logs, can help identify the scope of a breach and prevent further attacks.
- Implementing multi-factor authentication, including SMS-based MFA, can help reduce the risk of compromise.
- Using MFA bypass attacks can lead to significant financial losses, making MFA a crucial security measure.
- The ELK stack and other log analysis tools can help identify high-impact activities and prioritize investigation efforts.
- Conducting keyword searches and sentiment analysis can help identify potential security breaches and prioritize investigation efforts.