Sign up to save your podcasts
Or
Share The Microsoft Security Insights Show Episode 257 - Nathan Swift
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Microsoft Security Insights Show Episode 257 - Nathan Swift
Join us this episode as we welcome back fan favorite, Nathan Swift. This is a demo-heavy episode, so make sure to catch the live video replay if you can. Dive into the incredible potential of tools like Microsoft Defender EASM—a budget-friendly powerhouse for countless use cases—and unravel the magic of the TwistDNS algorithm in spotting typosquatting and phishing threats. From building Microsoft Sentinel Watchlists to crafting advanced integrations with Azure Container Instances, Logic Apps, and Functions, we’re here to keep your mind buzzing and your solutions thriving.
Show Notes/Links
* Nathan's GitHub repo: https://github.com/SwiftSolves-msft
* Nathan's old GitHub repo: https://github.com/SwiftSolves
* Sentinel DNSTwist Solution: https://github.com/swiftsolves-msft/Sentinel-DNSTwist-Solution
Just good old plain security stuff:
General:
* Everything Old Is New Again: Hardening the Trust Boundary of VBS Enclaves
* Meet the IMS team
* IMS Efficient Migration Methods
Threat Intelligence:
* Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
* StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
* Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Azure Security:
* Secure containers software supply chain across the SDLC
* Microsoft Defender for Cloud Customer Newsletter
* Integrating Security into DevOps Workflows with Microsoft Defender CSPM
* Public Preview: Key Attestation for Azure Managed HSM
Defender for Cloud:
* Secure your AI application transformation with Microsoft Defender for Cloud-V
* Manage cloud security posture with Microsoft Defender for Cloud -V
* What's new in Defender for Cloud features
Sentinel News:
* Integrating Radware WAF Logs with Microsoft Sentinel Using Logic Apps
* Case Management is now Generally Available
* What's new in Microsoft Sentinel
Microsoft Entra:
* ADSS TSync vs Entra Cross-Tenant Sync: A Comprehensive Comparison
* Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring
* Exploring the Extensibility of Active Directory Migration Service (ADMS)
* Tell us what you think: The Microsoft Entra blog team wants to hear from you!
* New innovations in Microsoft Entra to strengthen AI security and identity protection
* Insights from the Secure Employee Access report reveal the need for unified access security
* New user experience for consumer authentication
* Replace your legacy VPN with an identity-centric ZTNA
M365 Defender | XDR - (MDO, MDE, MDI, MDCA):
* Built-in report button is available in Microsoft Outlook across platforms
* Monthly news - March 2025
* Defending Against OAuth-Based Attacks with Automatic Attack Disruption
* Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series
* Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails
* Unveiling the Shadows: Extended Critical Asset Protection with MSEM
* Level up your defense: protect against attacks using stale user accounts
* Discover and protect Service Accounts with Microsoft Defender for Identity
* Protect SaaS apps from OAuth threats with attack path, advanced hunting and more
Security Copilot:
* Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries
* Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond
Microsoft Purview:
* APR 22 (8:00AM) Microsoft Purview | eDiscovery New User Experience and Retirement of Classic
* Inheriting Sensitivity Labels from Shared Files to Teams Meetings
* Export Search Results in eDiscovery
* Microsoft Purview AMA - Data Security, Compliance, and Governance
Microsoft Security Learning:
* Azure Network Security
* Microsoft 365 Advanced eDiscovery
* Microsoft Copilot for Security
* Microsoft Defender XDR
* Microsoft Defender External Attack Surface Management
* Microsoft Defender for Cloud
* Microsoft Defender for Cloud Apps
* Microsoft Defender for Endpoint
* Microsoft Defender Experts
* Microsoft Defender for Identity
* Microsoft Defender for IoT
* Microsoft Defender for Office 365
* Microsoft Defender Threat Intelligence
* Microsoft Defender Vulnerability Management
* Microsoft Purview Insider Risk Management
* Microsoft Purview Data Lifecycle & Records Management
* Microsoft Purview Information Protection
* Microsoft Purview Data Loss Prevention
* Microsoft Purview Communication Compliance
* Microsoft Purview Compliance Manager
* Microsoft Sentinel
* Microsoft Sentinel Notebooks
* Microsoft Unified SOC Platform
Microsoft Security Github’s:
* Azure Network Security GitHub
* Microsoft Defender for Cloud GitHub
* Microsoft Sentinel GitHub
* Microsoft Defender XDR GitHub
* Microsoft Defender for Cloud Apps GitHub
* Microsoft Defender for Identity
* Microsoft Purview
Webinars and Stuff:
* APR 23 (9:00AM) Microsoft Defender XDR | SaaS Security Exposure Reduction via the Exposure Management Platform
* APR 24 (9:00AM) Microsoft Defender XDR | Secure Your Servers with Microsoft's Server Protection Solution
Notes, Tips and Tools:
* Blue Team Handbook: https://amzn.to/4ir9lfG
* dnstwist: https://github.com/elceef/dnstwist
* domain name permutation engine: https://www.mankier.com/1/dnstwist
* Crime mapper: https://mr-r3b00t.github.io/crime-mapper/experimental_mapper.html
* Website mapping: https://addons.mozilla.org/en-US/firefox/addon/lightbeam-chik
Watch the live replay
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com
View all episodes
By Rod TrentJoin us this episode as we welcome back fan favorite, Nathan Swift. This is a demo-heavy episode, so make sure to catch the live video replay if you can. Dive into the incredible potential of tools like Microsoft Defender EASM—a budget-friendly powerhouse for countless use cases—and unravel the magic of the TwistDNS algorithm in spotting typosquatting and phishing threats. From building Microsoft Sentinel Watchlists to crafting advanced integrations with Azure Container Instances, Logic Apps, and Functions, we’re here to keep your mind buzzing and your solutions thriving.
Show Notes/Links
* Nathan's GitHub repo: https://github.com/SwiftSolves-msft
* Nathan's old GitHub repo: https://github.com/SwiftSolves
* Sentinel DNSTwist Solution: https://github.com/swiftsolves-msft/Sentinel-DNSTwist-Solution
Just good old plain security stuff:
General:
* Everything Old Is New Again: Hardening the Trust Boundary of VBS Enclaves
* Meet the IMS team
* IMS Efficient Migration Methods
Threat Intelligence:
* Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
* StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
* Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
Azure Security:
* Secure containers software supply chain across the SDLC
* Microsoft Defender for Cloud Customer Newsletter
* Integrating Security into DevOps Workflows with Microsoft Defender CSPM
* Public Preview: Key Attestation for Azure Managed HSM
Defender for Cloud:
* Secure your AI application transformation with Microsoft Defender for Cloud-V
* Manage cloud security posture with Microsoft Defender for Cloud -V
* What's new in Defender for Cloud features
Sentinel News:
* Integrating Radware WAF Logs with Microsoft Sentinel Using Logic Apps
* Case Management is now Generally Available
* What's new in Microsoft Sentinel
Microsoft Entra:
* ADSS TSync vs Entra Cross-Tenant Sync: A Comprehensive Comparison
* Introducing Microsoft Entra Health alerts: An enhancement to tenant health monitoring
* Exploring the Extensibility of Active Directory Migration Service (ADMS)
* Tell us what you think: The Microsoft Entra blog team wants to hear from you!
* New innovations in Microsoft Entra to strengthen AI security and identity protection
* Insights from the Secure Employee Access report reveal the need for unified access security
* New user experience for consumer authentication
* Replace your legacy VPN with an identity-centric ZTNA
M365 Defender | XDR - (MDO, MDE, MDI, MDCA):
* Built-in report button is available in Microsoft Outlook across platforms
* Monthly news - March 2025
* Defending Against OAuth-Based Attacks with Automatic Attack Disruption
* Level Up Your App Governance With Microsoft Defender for Cloud Apps Workshop Series
* Strengthening Email Security: Our New Approach to Non-RFC Compliant Emails
* Unveiling the Shadows: Extended Critical Asset Protection with MSEM
* Level up your defense: protect against attacks using stale user accounts
* Discover and protect Service Accounts with Microsoft Defender for Identity
* Protect SaaS apps from OAuth threats with attack path, advanced hunting and more
Security Copilot:
* Empowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries
* Advancing Security Copilot with MAGIC: Automating Self-Correction in NL2KQL and Beyond
Microsoft Purview:
* APR 22 (8:00AM) Microsoft Purview | eDiscovery New User Experience and Retirement of Classic
* Inheriting Sensitivity Labels from Shared Files to Teams Meetings
* Export Search Results in eDiscovery
* Microsoft Purview AMA - Data Security, Compliance, and Governance
Microsoft Security Learning:
* Azure Network Security
* Microsoft 365 Advanced eDiscovery
* Microsoft Copilot for Security
* Microsoft Defender XDR
* Microsoft Defender External Attack Surface Management
* Microsoft Defender for Cloud
* Microsoft Defender for Cloud Apps
* Microsoft Defender for Endpoint
* Microsoft Defender Experts
* Microsoft Defender for Identity
* Microsoft Defender for IoT
* Microsoft Defender for Office 365
* Microsoft Defender Threat Intelligence
* Microsoft Defender Vulnerability Management
* Microsoft Purview Insider Risk Management
* Microsoft Purview Data Lifecycle & Records Management
* Microsoft Purview Information Protection
* Microsoft Purview Data Loss Prevention
* Microsoft Purview Communication Compliance
* Microsoft Purview Compliance Manager
* Microsoft Sentinel
* Microsoft Sentinel Notebooks
* Microsoft Unified SOC Platform
Microsoft Security Github’s:
* Azure Network Security GitHub
* Microsoft Defender for Cloud GitHub
* Microsoft Sentinel GitHub
* Microsoft Defender XDR GitHub
* Microsoft Defender for Cloud Apps GitHub
* Microsoft Defender for Identity
* Microsoft Purview
Webinars and Stuff:
* APR 23 (9:00AM) Microsoft Defender XDR | SaaS Security Exposure Reduction via the Exposure Management Platform
* APR 24 (9:00AM) Microsoft Defender XDR | Secure Your Servers with Microsoft's Server Protection Solution
Notes, Tips and Tools:
* Blue Team Handbook: https://amzn.to/4ir9lfG
* dnstwist: https://github.com/elceef/dnstwist
* domain name permutation engine: https://www.mankier.com/1/dnstwist
* Crime mapper: https://mr-r3b00t.github.io/crime-mapper/experimental_mapper.html
* Website mapping: https://addons.mozilla.org/en-US/firefox/addon/lightbeam-chik
Watch the live replay
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com