This blog is how to setup a physical lab environment for Microsoft Defender for IoT to get experience in deployment and usage of the product with real OT devices. Microsoft also supplies an out-of-the box lab environment with PCAPs etc. I will use and describe my personal lab with hard…

While BEC (Business E-mail Compromise) attacks are prevented by Number Matching Multi Factor Authentication (enabled on global scale by Microsoft on May 8, 2023), AiTM (Adversary in The Middle) attacks are the next challenge. AiTM is a type of phishing attack where the session cookie is stolen via a ‘in…

The number of BEC (Business Email Compromise) and AiTM (Adversary in The Middle) attacks are growing significantly since 2023 (source: Abnormal security) and are getting more complex (e.g. via the use of the supply chain attacks and manual interaction). BEC (Business Email Compromise) is a phishing attack used by…

MDE | Device Discovery Microsoft Defender for Endpoint (MDE) devices scans the corporate network for different type of devices: Computers & mobile (supported O.S.; Windows, Mac, iOS & Android) Network devices IoT devices The device discovery is enabled by default and cannot be disabled, only set in passive mode instead of active mode.

Microsoft Defender Threat Intelligence (MDTI) is the TI solution from Microsoft (previous RiskIQ) to detect 0-day and pre-firewall threats…

Microsoft Defender EASM (External Attack Surface Management) is the Microsoft (one of the two products from the RiskIQ acquisition, the 2nd product is MDTI) pre-firewall CSPM (Cloud Security Posture Management) tool. The tool detects and classifies vulnerabilities of external (internet connected) resources like IP, domain, etc. MDEASM Setup The setup of Microsoft…

The first part I describes the setup of the generic AZ3166 IoT device in Azure IoT services like the IoT Hub, agentless scanning features and the Microsoft Defender for IoT integration. The second part will go deeper into Azure Sphere MT3620 lab setup. First a new overview of Azure IoT…

This blog is part of two series. The first part describes the Azure IoT security basics overview and the setup of a hardware IoT device lab with the MXCHIP AZ3166 IOT-DevKit. The second part will go deeper into Azure Sphere. I am not an expert in Azure IoT (yet) so…

Ps. this is my personal view on the difference between OT & IoT with black&white glasses on, there are of course grey areas but I don’t want to make it too complex. Let’s first set the scene from the ‘better’ known IT (Information Technology) Security perspective. A bad actor…