Derk van der Woude

249 Followers

Apr 21

Exploit IoT devices and how to prevent via MDE | Enterprise IoT

MDE | Device Discovery. Microsoft Defender for Endpoint (MDE) devices scan the corporate network for different types of devices: computers and mobile devices (supported OSes: Windows, Mac, iOS and Android), network devices, and IoT devices. Device discovery is enabled by default and cannot be disabled; it can only be set to passive mode instead of active mode.

3 min read


Apr 5

Connect Microsoft Defender Threat Intelligence (MDTI) to Microsoft Sentinel and enrich Incidents via the MDTI API

Microsoft Defender Threat Intelligence (MDTI) is the TI solution from Microsoft (previously RiskIQ) to detect 0-day and pre-firewall threats…

6 min read


Mar 26

Connect Microsoft Defender EASM to Microsoft Sentinel for Incident enrichment

Microsoft Defender EASM (External Attack Surface Management) is Microsoft's pre-firewall CSPM (Cloud Security Posture Management) tool (one of the two products from the RiskIQ acquisition; the second product is MDTI). The tool detects and classifies vulnerabilities of external (internet-connected) resources like IPs, domains, etc. MDEASM Setup. The setup of Microsoft…

4 min read


Feb 13

Azure IoT Security part II | Azure Sphere

Part I describes the setup of the generic AZ3166 IoT device in Azure IoT services like the IoT Hub, the agentless scanning features and the Microsoft Defender for IoT integration. The second part goes deeper into the Azure Sphere MT3620 lab setup. …

5 min read


Feb 9

Azure IoT Security basics

This blog is part of a two-part series. The first part describes the Azure IoT security basics overview and the setup of a hardware IoT device lab with the MXCHIP AZ3166 IOT-DevKit. The second part will go deeper into Azure Sphere. I am not an expert in Azure IoT (yet) so…

4 min read


Jan 18

The difference between IoT and OT from a Security perspective

P.S. This is my personal view on the difference between OT and IoT with black-and-white glasses on; there are of course grey areas, but I don’t want to make it too complex. Let’s first set the scene from the ‘better’ known IT (Information Technology) Security perspective. A bad actor has…

5 min read


Jan 13

Microsoft Defender and network devices (lab setup)

This blog is about setting up a lab environment for Microsoft Defender products which require network devices (a switch). The following Microsoft Defender products are in scope of this blog: Microsoft Defender for Endpoint and Microsoft Defender for IoT (Enterprise IoT). I used a Cisco SG250, which is an 8-port managed switch with…

5 min read


Dec 30, 2022

Detect malicious Raspberry Pi or Arduino devices via MDE device discovery and Enterprise IoT

IoT (Internet of Things) devices are often insecure by default (e.g. default admin username/password and/or out-of-date software with vulnerabilities). Also, these types of devices can be malicious (e.g. …

5 min read


Dec 2, 2022

Azure AD Identity Protection - Risky Workload alert e-mail notification

Let’s start with thanks and credits to the Azure AD Identity Protection product group for working closely together on the latest detection and remediation features. For our partner webinar Azure AD Identity Protection on Azure AD Workloads, see https://www.youtube.com/watch?v=r_pPc6QhPlM. In my previous blog, Leaked credentials for Workload identities, I described…

5 min read


Nov 23, 2022

Microsoft Defender Attack Paths

Attack paths, for example LPE (Local Privilege Escalation) and RCE (Remote Code Execution), are TTPs (Tactics, Techniques and Procedures) used by black hats (bad actors) and/or white hats (ethical hackers) to get access to the environment. Microsoft Defender for Identity [MDI; Active Directory] and Microsoft Defender for Cloud [MDA; Azure…

4 min read

Derk van der Woude

Chief Technology Officer @ Nedscaper
