Sentinel Query: Detect ZeroLogon (CVE-2020-1472)

In August 2020 Microsoft patched the ZeroLogon vulnerability CVE-2020-1472. In summary, this vulnerability would allow an attacker with a foothold in your network to become a domain admin in a few clicks. The attacker only needs to establish a network connection towards the domain controller. At NVISO we are supporting multiple clients with our MDR […]

Windows Hardening in the cloud with Azure Automation

In a previous blogpost, we discussed the OS hardening baselines for Windows Server 2016 written in PowerShell DSC, which we made publicly available on the NVISO GitHub page. Using this, you can define your own hardening baseline to use within your own environment. Once a baseline is defined, we want to apply it to the […]

Windows Server Hardening with PowerShell DSC

Operating system hardening is the process of improving the security of a default OS installation to minimize the attack surface that can be exploited by an attacker. But doing this manually on each system that is deployed on-premise or in the cloud is a cumbersome task. It can lead to inconsistent security configurations because of […]

Azure Security Logging – part 2: security-logging capabilities of Azure resources

In this second blog post in a series about Azure Security Logging, we will focus on some of the key services that are used in most Azure deployments. We go into detail how logging can be enabled, what logging options are available and what relevant data is generated. Log sources in Azure At the moment […]

Azure Security Logging – part I: defining your logging strategy

In this first blog post in a series about Azure Security Logging, we will give a general overview of the types of logs available for Azure services including their storage options. We will also discuss how to define a security logging strategy in Azure. In the upcoming blog posts, we will go into detail about […]