Moti (@moti_b)'s Twitter Profile
Moti

@moti_b

Security engineer at Microsoft, opinions are my own

ID: 92120191

Link: https://blogs.technet.microsoft.com/motiba
Joined: 23-11-2009 21:37:38

266 Tweets

549 Followers

590 Following

Tanmay Ganacharya (@tanmayg):

Exciting news - Defenders just got an awesome tool to stop macro-threats. We shipped detection mechanisms that expose macro behavior through runtime instrumentation. Built directly into O365 client apps and adopted by Windows Defender ATP via AMSI cloudblogs.microsoft.com/microsoftsecur…

Thomas Patzke (@blubbfiction):

Just released: a testing framework for mail security and filtering solutions. Includes tests for:

• Sending spam and malware samples
• Bad file attachments
• Shellshock in headers
• Evasion with manipulated Content-Disposition headers
• ...many more

github.com/TKCERT/mail-se…
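
The "evasion with manipulated Content-Disposition headers" category above, as an added example that is not part of the TKCERT framework or of the original post: it constructs a few test mails whose attachment part carries a manipulated Content-Disposition header verbatim, then compares a naive regex-based attachment filter with Python's RFC 2231-aware header parser. The blocked-extension list, the test cases and the sample mail bytes are all constructed here and are assumptions, not samples from the framework.

```python
import email
import re

# Assumed blocked-extension list (constructed for this example).
BLOCKED_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".hta")


def build_raw_message(disposition_header: str) -> bytes:
    """Build a constructed multipart test mail whose attachment part carries the
    supplied Content-Disposition header line verbatim, so no library normalises it."""
    raw = (
        "From: sender@example.invalid\r\n"
        "To: victim@example.invalid\r\n"
        "Subject: Content-Disposition evasion test\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n"
        "--b1\r\n"
        "Content-Type: text/plain\r\n"
        "\r\n"
        "See attachment.\r\n"
        "--b1\r\n"
        "Content-Type: application/octet-stream\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        f"{disposition_header}\r\n"
        "\r\n"
        "TVqQAAMAAAAEAAAA//8AAA==\r\n"  # constructed MZ-stub bytes, not a real binary
        "--b1--\r\n"
    )
    return raw.encode("ascii")


def naive_filter_blocks(raw: bytes) -> bool:
    """Weak check: grep the raw mail for filename="..." and look at the extension.
    This is the style of check that header-manipulation tests are meant to slip past."""
    names = re.findall(rb'filename="([^"]*)"', raw, flags=re.IGNORECASE)
    return any(n.lower().endswith(ext.encode()) for n in names for ext in BLOCKED_EXTENSIONS)


def extracted_filenames(raw: bytes) -> list[str]:
    """Parser-based extraction: Message.get_filename() joins RFC 2231 continuations
    (filename*0=, filename*1=), decodes RFC 2231 charset-encoded values (filename*=)
    and falls back to the Content-Type name= parameter."""
    msg = email.message_from_bytes(raw)
    return [part.get_filename() for part in msg.walk()
            if not part.is_multipart() and part.get_filename()]


def parser_filter_blocks(raw: bytes) -> bool:
    """Same policy as the naive filter, applied to the properly decoded filenames."""
    return any(n.lower().endswith(BLOCKED_EXTENSIONS) for n in extracted_filenames(raw))


# Constructed test cases: (label, Content-Disposition header line).
TEST_CASES = [
    ("plain", 'Content-Disposition: attachment; filename="evil.exe"'),
    ("decoy", 'Content-Disposition: attachment; filename="report.pdf"'),
    ("rfc2231-encoded", "Content-Disposition: attachment; filename*=utf-8''evil.exe"),
    ("rfc2231-continuation", 'Content-Disposition: attachment; filename*0="evil"; filename*1=".exe"'),
    ("odd-spacing-and-case", 'Content-Disposition: attachment; FILENAME = "evil.exe"'),
]


def run_tests() -> dict[str, tuple[bool, bool]]:
    """Return {label: (naive_blocks, parser_blocks)} for every constructed case."""
    results = {}
    for label, header in TEST_CASES:
        raw = build_raw_message(header)
        results[label] = (naive_filter_blocks(raw), parser_filter_blocks(raw))
    return results


if __name__ == "__main__":
    for label, (naive, parsed) in run_tests().items():
        print(f"{label:24s} naive={naive!s:5s} parser={parsed!s:5s}")
```

Only the plain case is caught by the regex filter; the three manipulated headers carry the same `evil.exe` name once decoded, which is exactly the gap such a test suite is meant to expose in a gateway. A real filter should decode the header the way the receiving mail client will, then apply policy to the decoded name.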
Matt Miller (@epakskape):

Sandboxing is now available for Windows Defender (opt-in for now)! Tons of credit to the Microsoft Security Intelligence team for their work on this (it wasn't easy), and thanks to Tavis Ormandy, Natalie Silvanovich, and other researchers who have helped make Defender even more secure cloudblogs.microsoft.com/microsoftsecur…

Moti (@moti_b):

Using automation and Machine Learning *against* the Anti-malware vendors, interesting read: virusbulletin.com/uploads/pdf/co… #AntiMalware #AI

Jessica Payne (@jepaynemsft):

Microsoft Office Flow is a powerful orchestration tool (attractive to attackers) that enables user workflows to upload documents to external services or do forwarding of emails - security teams may not know this is available or how to find the logs: flow.microsoft.com/en-us/blog/sec…

Moti (@moti_b):

Azure ATP can integrate with MCAS and enable you to see on-premises activities and alerts in MCAS/Azure Sentinel, cool! docs.microsoft.com/en-us/cloud-ap… #AzureATP #AzureSentinel

Florian Roth ⚡️ (@cyb3rops):

Tools I recommend to Windows users - reply with your secret tip / tool

Setup:
Ninite
ninite.com

Personal FW:
GlassWire (@GlassWire)
glasswire.com

Anti-Spy:
ShutUp 10 (@OOSoftware)
oo-software.com/en/shutup10
Kim Zetter (@kimzetter):

Exclusive: How Secret Dutch Mole Aided U.S.-Israeli Stuxnet Cyber Attack on Iran. For years an enduring mystery has surrounded the Stuxnet attack: How did US/Israel get the malware onto computers at the highly secured uranium enrichment plant? Now we know. news.yahoo.com/revealed-how-a…

Moti (@moti_b):

Azure Sentinel's latest new features:

* Rule wizard with validation
* Rule templates
* Rule mapping to MITRE tactics
* Workbooks (replacing dashboards)
* Time range in alerts extended to days

#AzureSentinel

Matt Hand (@matterpreter):

Releasing a new tool to aid in Sysmon evasion, Shhmon (github.com/matterpreter/S…) with an associated blog post including defensive recommendations posts.specterops.io/shhmon-silenci…

Adrian Grigorof (@adigri):

For those that want a quick and short answer on Sentinel cost: $2/GB on top of storage costs. For 10 GB/day, that's $29.44 for storage, $20 for Sentinel and a bit for others like Logic Apps. For a month, that's about $1500 (East US Azure region). Well worth it! #azuresentinel

John Lambert (@johnlatwc):

Blue teamers, if you're interested in hearing more about using #AzureSentinel in threat hunting, check out this video from #MSIgnite by MsPJ (@MSSPete)
👉myignite.techcommunity.microsoft.com/sessions/83949…
Moti (@moti_b):

Election day app exposes data on over 6.4 million Israelis: zdnet.com/article/netany… Ran Bar-Zik wrote a detailed technical article about the security flaws (Hebrew): internet-israel.com/%d7%97%d7%93%d…