CISO as a Service
Founder @ DiyakoSecureBow | CISO as a Service (vCISO)
About Me
http://about.me/Alirezaghahrood

Follow Me on
🔵LinkedIn
https://www.linkedin.com/in/AlirezaGhahrood
🔴YouTube
https://www.youtube.com/AlirezaGhahrood
X
https://twitter.com/AlirezaGhahrood
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?
A. Impossible travel
B. Activity from anonymous IP addresses
C. Activity from infrequent country
D. Malware detection
https://lnkd.in/daUf3kW


-Cybersecurity awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1400.03.30
Microsoft Digital Defense Report
Get deep analysis about current threat trends and extensive insight from our experts on topics including big game ransomware, phishing, IoT threats, nation state activity, and more.
https://lnkd.in/dV2A355

Why Read This Report
In our 14-criterion evaluation of enterprise detection and response providers, we identified the 12 most significant ones — Bitdefender, BlackBerry Cylance, CrowdStrike, Cybereason, Elastic, Kaspersky, McAfee, Microsoft, Palo Alto Networks, SentinelOne, Trend Micro, and VMware Carbon Black — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk professionals select the right one for their needs.
https://lnkd.in/d5ddU7Y


1400.03.30
Microsoft Bug Bounty Program
https://lnkd.in/dzC6P3k

Microsoft Security Response Center
https://lnkd.in/d8EStbk

https://lnkd.in/dFTxdkK


1400.03.30
Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation
Microsoft's security-focused services and products are very much worth attention,
on the cloud platform, of course - its threat hunting trend and the benchmark against other vendors show that it is working very well.
https://lnkd.in/dKDzvCJ


1400.03.30
In the opening pages of the play "King Lear" we meet King Lear's two elder daughters, who both win their father's heart with abundant flattery and sycophancy and take power out of his hands. Meanwhile, the king's third daughter refuses on any condition, even being deprived of inheritance and power, to flatter or exaggerate to her father, and prefers honesty and frankness with the king to power and wealth. After a while the two flattering daughters and their husbands rebel against their father and drive him away, but in the end it is the third daughter who rushes to his aid. King Lear is one of the greatest tragedies written in the history of drama, shaped by the astonishing genius of William Shakespeare. In this play Shakespeare points out the greed and avarice of the flatterers around rulers, and reminds us that a ruler's loyal friend and companion is not the flatterers but those who have no designs on power and who, with boldness and courage, point out the ruler's mistakes and warn them away from ruinous actions and ignorant decisions. But alas, rulers and sultans are not much in the habit of literature and reading.


-He who flatters and fawns nurtures greed and avarice in his heart-

1400.03.31
AZ500-Master.pdf
6.5 MB
AZ-500 Course Introduction


1400.03.31
Bug Bounty Automation With Python The secrets of bug hunting.pdf
1.1 MB
PYTHON CRASH COURSE


1400.03.31
OSINT All in one

https://start.me/p/L1rEYQ/osint4all


1400.03.31
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

Patch management in your organization puts you 3-0 ahead of attackers.
Please keep the organization's assets up to date - update them in real time.
Fix missing patches and misconfigurations.

This old vulnerability is a trend in the country.


1400.03.31
BTFM
Blue Team Field Manual
A valuable handbook - defensive/blue security teams
https://edu.heibai.org/Blue%20Team%20Field%20Manual.pdf


1400.03.31
https://musclewiki.com
An interesting website for exercise; it also has standard tools for diet and calorie intake 🤓


-Health-

1400.03.31
Threat Research
1. Quick Analysis for the SSID Format String Bug in iOS Wi-Fi service
https://blog.chichou.me/2021/06/20/quick-analysis-wifid
2. Apple account takeover vulnerability
https://thezerohack.com/apple-vulnerability-bug-bounty
3. XXE in JDOM library (PoC for CVE-2021-33813)
https://alephsecurity.com/vulns/aleph-2021003

Red Team Tactics
1. Bypassing Image Load Kernel Callbacks
https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks
2. Pwning Home Router - Linksys WRT54G
https://elongl.github.io/exploitation/2021/05/30/pwning-home-router.html

exploit
CVE-2021-30658:
M1 Macs GateKeeper bypass (PoC)
https://wojciechregula.blog/post/m1-macs-gatekeeper-bypass-aka-cve-2021-30658

Offensive security
1. Exploiting the notoriously unsafe gets() on a PAC-protected ARM64 binary
https://blog.ret2.io/2021/06/16/intro-to-pac-arm64
2. A Little More on the Task Scheduler's Service Account Usage...
https://www.tiraniddo.dev/2021/06/a-little-more-on-task-schedulers.html?m=1


1400.03.31
CISO Series: Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2
This is the sixth blog in the Lessons learned from the Microsoft SOC series designed to share our approach and experience from the front lines of our security operations center (SOC) protecting Microsoft and our Detection and Response Team (DART) helping our customers with their incidents. For a visual depiction of our SOC philosophy, download our Minutes Matter poster.
https://lnkd.in/dn9wgyN


1400.03.31
Cloud Adoption Framework (Secure Methodology) - https://aka.ms/CAFsecure - Security Program and Strategy Guidance
Microsoft Cybersecurity Reference Architectures (MCRA) - https://aka.ms/MCRA
Microsoft Security Documentation - https://lnkd.in/eufX45M
Best Practice Documentation and Videos - https://lnkd.in/emVhNnT
Cybersecurity Training (CISO Workshop) - https://lnkd.in/eqaNAkh
Mapping to NIST CSF and ISO 27001 - https://lnkd.in/erZctXq

Recent Events
Solorigate / SUNBURST - https://aka.ms/solorigate


1400.03.31
Privileged Access and Identity
Your Pa$$word Doesn't Matter - https://lnkd.in/emdNd5t
Securing Privileged Access Main Page (https://aka.ms/SPA) - Complete strategy, prescriptive roadmap, and implementation steps for reducing organizational risk from these attack techniques (used in human operated ransomware as well as advanced targeted data theft attacks). This includes a
Rapid Modernization Plan (RAMP) – https://aka.ms/SPA-RAMP
Securing Workstations – https://aka.ms/PAW 
Privileged Access Strategy - https://lnkd.in/eCYZrfc
Success criteria for strategy - https://aka.ms/SPA-Success
Security levels - https://aka.ms/SPA-levels
Securing Accounts – https://aka.ms/spa-account 
Securing Intermediaries – https://lnkd.in/eDySjRb
Securing Interfaces – https://lnkd.in/eVqJpnF
Deploying a privileged access solution - https://aka.ms/deploySPA
Enterprise access model (update of Tier Model) - https://aka.ms/AccessModel
Additional Resources:
Credential Theft Demonstration (~10 minutes) - https://lnkd.in/eUeBMXT
RSA Conference Presentation - Co-presentation with Tony Sager of the Center for Internet Security (CIS) on this aspect of critical hygiene - https://lnkd.in/eYVkrAF


1400.03.31
Incident Response and Recovery
IR Resource Page (https://aka.ms/IR) with links and pointers
IR Reference Guide - Lessons learned and recommendations from Microsoft, EY, Edelman, and Orrick to manage major incidents based on our collective experience (technical, operational, legal, and communications)
NIST Guide for Cybersecurity Event Recovery - https://lnkd.in/g_fUe5B
Microsoft's Detection and Response Team (DART) - https://aka.ms/DART


1400.03.31
Cybersecurity for Business Leaders
Security Return on Investment (ROI) Video (1.5 minutes) - https://lnkd.in/gwAs8Nf
Cybersecurity Resilience - https://lnkd.in/gHTjScp
Zero Trust Business Plan - and metrics for leaders and executives

Security Operations (SecOps) / [Center] (SOC)
CDOC Blog Series - Part 1 | Part 2a | Part 2b | Part 3a | Part 3b | Part 3c | Part 3d
SOC Process Framework - Azure Sentinel Workbook with detailed guidance on roles, processes, and much more.
Poster - https://lnkd.in/g_UnYWa
Video from Microsoft’s Virtual Security Summit (starting at 1:05:48) -


1400.03.31
Enterprise Patch Management
Patching as a Social Responsibility

Microsoft Azure
Azure Security Top 10 best practices - documentation and videos
Azure Security Benchmarks - Microsoft's security best practices, including security baselines to rapidly configure security for the most popular azure services
Well Architected Framework - Security Guidance focused on protecting workloads
Azure Security Documentation - http://aka.ms/AzureSecInfo
Feature Updates - https://lnkd.in/gpT4QaR

Azure Sentinel
Microsoft's Cloud Native SIEM and SOAR capability
Azure Sentinel Documentation
Project VAST dashboard - Discover old insecure protocols creating risk

Office 365 Security
Prioritized Recommendations - Roadmap of security recommendations for protecting Office 365 against top attacks and prioritize by things to do in the first 30 days, first 90 days and beyond.
Feature updates - https://lnkd.in/gqmGdW2

Application/Development Security
Innovation Security - CAF Secure discipline describing program and strategy guidance
DevSecOps Controls - CAF Secure article describing key technical controls


1400.03.31