In this ResearchDev repository I share threat detection insights across Microsoft Defender XDR, which:
- Captures suspicious activity across email, endpoints, identities and applications.
- Correlates alerts from the different Defender products into a single incident, giving SOC analysts one holistic view for monitoring and managing security incidents.
| Product | Test / method and threat detection |
|---|---|
| MDO (Microsoft Defender for Office 365) | MDO Safe Attachments: detonation and deep-analysis validation |
| MDE (Microsoft Defender for Endpoint) | Microsoft Defender AV tampering, defense evasion |
| MDE | Windows Defender Firewall rule abuse, EDR/AV communication tampering |
| MDE | LSASS credential dumping (MiniDump) |
| Entra (Microsoft Entra ID) / MDA (Microsoft Defender for Cloud Apps) | Cloud identity abuse leading to an Office 365 exfiltration attack |
The views and opinions expressed here are those of the author and do not necessarily reflect the views of the author's employer.