Posts by
Eric Soldierer

Expert knowledge from Eric Soldierer


MDATP – Automatically isolating machines

Microsoft Defender Advanced Threat Protection (MDATP) is an EDR tool, where EDR stands for Endpoint Detection and Response. Today I want to focus on the Response part.

When investigating an incident or alert in MDATP, you might come to the conclusion that it is best to isolate the machine from the network in order to prevent a worm from spreading. Although doing this by hand gives you the best control, there is a small delay between the alert arising and someone triggering the isolate action.

Updated on: 27 May 2019

Extending MDATP Alerting – Sending Text Messages (SMS) and Push Notifications

By default, Microsoft Defender Advanced Threat Protection (MDATP) sends out emails when new alerts occur. However, what if we want to extend alerting beyond email?

In this post I will show you how we can use Microsoft Flow to extend the reporting capabilities of MDATP. We will send out Push Notifications (via the Flow app) as well as text messages (SMS).

Let's start with the Microsoft Flow portal (https://flow.microsoft.com). Sign in and select My Flows.


BitLocker hardware encryption recommendation

English version can be found here.

At the beginning of November, two researchers from Nijmegen, the Netherlands, published a concerning research paper. In their research they examined the hardware-based encryption of modern SSD drives. They found that all tested models can be fully decrypted without the key. The original paper can be downloaded here.

Microsoft responded with advisory ADV180028, which recommends disabling hardware-based encryption for the time being and using only software encryption.


BitLocker hardware encryption recommendation

German version can be found here.

At the beginning of November, two researchers from Nijmegen, the Netherlands, published a concerning research paper. In their research, they looked at the hardware-based encryption of modern SSD drives. They found that every tested drive can be fully decrypted without knowing the key. The original paper can be downloaded here.

In reaction, Microsoft issued advisory ADV180028, in which they recommend disabling hardware-based encryption for now and using only software-based encryption.