AMSI and Machine Learning Help to Stop Active Directory Attacks and Other Post-exploitation Behavior

Last week, the Microsoft Defender ATP Research team blogged about Antimalware Scan Interface (AMSI)-driven, behavior-based machine learning protections. AMSI helps security software detect malicious scripts by revealing script content and behavior. AMSI integrates with scripting engines on Windows 10 as well as Office 365 VBA to provide insight into the execution of PowerShell, WMI, VBScript, JavaScript, and Office VBA macros. So basically, AMSI’s […]

Is your Active Directory security relying on a single check-box?

Don’t trust your Active Directory security to a single check-box! Trusting the disable check box in Active Directory is risky if additional steps are not taken to ensure the user account will not be re-enabled with unintended (possibly disastrous) consequences. Often the best practice steps are overlooked or not followed because of the additional […]

Active Directory Best Practice Avoid Reversible Encryption

Just say no to storing passwords with reversible encryption. There are several dozen settings within Active Directory that, if used, can weaken security and open your environment to the threat of compromise. The Store password using reversible encryption option is one of those settings. Normally, when a password is set on a user account […]

Disable Active Directory Group

How to disable Active Directory groups. The ability to disable an Active Directory group is completely missing from Active Directory. Cayosoft’s Free Suspend Tool will effectively disable AD groups. “Disabling” groups is preferable to deleting the group because the group SID (Security ID) is retained for auditing and management purposes, but it must be done […]