Raitlin

Reminder that we recently start publishing sample #AdvanceHunting queries for #MicrosoftThreatProtection on GitHub: https://github.com/microsoft/MTP-AHQ …. #MTP is in public preview https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/introducing-the-integrated-microsoft-threat-protection-solution/ba-p/1059225 …. Unleash the hunter in you by correlating email (#O365ATP) and endpoint (#MDATP) data.pic.twitter.com/4qKhP8QZdI

Have you been wanting to open Windows Terminal with specific tabs and panes? Check out what's coming soon to the Terminal in our latest status update! https://github.com/microsoft/terminal/issues/3600 …pic.twitter.com/JpJZBnHZqH

Join me and @CptJesus on Tuesday, February 11th as we unveil #BloodHound 3.0! We will demo new attack primitives, performance improvements, and changes in the GUI. Register for the webinar here (recording available afterwards): https://specterops.zoom.us/webinar/register/WN_Ak7pi_zxSM28HBIl5RIVWw …pic.twitter.com/pP4BxRE0tN

New assessments available in the public preview of Microsoft Compliance Score help assess your compliance posture for ISO/IEC 27701:2019, California Consumer Privacy Act (CCPA), Brazil Lei Geral de Proteção de Dados (LGPD), SOC 1 Type 2 and SOC 2 Type 2: https://www.microsoft.com/en-us/microsoft-365/blog/2020/01/27/microsoft-compliance-score-address-changing-data-privacy-landscape/ …pic.twitter.com/GSXOl75Gc0

New dates and location for #MSIgnite! Save September 21-25, 2020 and join us in New Orleans. Pre-register today for an amazing week of technical training and more: http://msft.it/6010Tk5Bo pic.twitter.com/MDE72hf7FK

Nice of Microsoft to add telemetry for #CVE-2020-0601, they are expecting exploitation New Function in crypt32.dll - ChainLogMSRC54294Error CveEventWrite(L"[CVE-2020-0601] cert validation", v8); #diaphorapic.twitter.com/1eW8YZUIWB

No fancy EDR required to capture CVE-2020-0601 attempts (after patching). Just ensure you're forwarding Application log events. Currently, CVE-2020-0601 is the only Microsoft code (AFAIK) that calls the CveEventWrite API so event noise is not a concern. https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-cveeventwrite …pic.twitter.com/JWPnaMaIqB

This #PatchTuesday you are strongly encouraged to implement the recently released CVE-2020-0601 patch immediately. https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF …pic.twitter.com/log6OU93cV

Windows Defender Antivirus detects files w/crafted certificates exploiting the certificate validation vulnerability: ​Exploit:Win32/CVE-2020-0601.A (PE files) Exploit:Win32/CVE-2020-0601.B (Scripts) Also, #Microsoft Defender ATP has a threat report on your posture. #CVE-2020-0601pic.twitter.com/dFqJV5za8F

https://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/ … To all Windows users everywhere - patch your systems now! (#MDATP and #WDAV have coverage for attempted exploitation of CVE-2020-0601).pic.twitter.com/FfNp2Vc1Xh

Mass scanning activity detected from 82.102.16.220 () checking for Citrix NetScaler Gateway endpoints vulnerable to CVE-2019-19781. Affected organizations are advised to apply the mitigation steps provided by Citrix as no patch exists yet. https://support.citrix.com/article/CTX267027 … #threatintelpic.twitter.com/mTfky68JEh