Course: Microsoft Future Ready: Fundamentals of Enterprise Security

Microsoft attack detection products Microsoft has several products that can be used to detect suspicious activity on an organization’s information systems based on collection and analysis of telemetry. These products …

Code Integrity (CI) policies allow you to restrict which applications and scripts can run on a computer. There are a variety of methods that you can use to enforce code …

A privileged access workstation (PAW) is a computer that is only used to perform administrative tasks. This computer has a locked-down configuration compared to computers used for day-to-day activities on …

During the execution phase, the blue team enacts the response plan to evict the intruder from the organization’s information systems and remediate the vulnerabilities in the security configuration that the …

Organizations shouldn’t attempt to evict an intruder until they have a good working understanding of the topology of the intrusion. Similarly, the method through which an intruder is evicted, and …

Overview Privilege escalation is the process by which an attacker acquires the ability to perform a greater variety of tasks on the organization’s information systems from those that they were …

Overview In the information security lexicon, a kill chain describes the structure of an attack against an objective. While usually used to describe the phases of a red team’s operation, …

Overview The blue team represents and is comprised of your organization’s existing information security and IT administration staff. While part of the purpose of red team exercises is to explore …

Overview When information systems are properly configured, all attacks, even those that are unsuccessful, leave some trace that they occurred. Clever attackers will attempt to remove those traces once they …

Reconnaissance Sophisticated attackers don’t randomly attack organizations. Sophisticated attackers spend a significant amount of time researching their target. An attacker will use the reconnaissance phase to determine whether a target …

Overview Lateral movement occurs when an attacker who has compromised one system is able to compromise another system on the network by using an existing compromised system as a jump …

Kill Chains are an idea originally taken from military strategy, which describes the structure of an attack against an objective. The company Lockheed Martin applied this idea to information security …

Persist presence When an attacker can persist their presence on a target organization’s information systems, it means that they have reliable remote access via a back door to the target …

When developing a red team versus blue team exercise it is important to specify the red team’s objective. The objective is the overall aim of the exercise and red teams …

Few attackers compromise an organization without having an objective beyond proving that the organization can be compromised. Attackers target organizations because they wish to accomplish one or more goals. When …