- Extract plain-text password from Azure VM Reset Password feature
- Script to audit managed identities on VM and their role assignment
- Scan Azure VMs in the same subnet with Nmap
- Acquire Access Token from Azure App Service (Linux) System-Assigned Managed Identity
- Audit Azure Web App against NotLegit vulnerability
- Notes on Azure Policy Exemption
- Bulk upload Log4Shell IoC to Microsoft Sentinel Threat Intelligence
- Detect Azure VM with a Public IP associated
- Detect NSG inbound rule updated to allow All
- Query vulnerable VMs against Log4Shell vulnerability in Azure
- Play with Tag on Azure Subscriptions
- Use Azure Resource Graph to query Microsoft Defender for Cloud Plan on all subscriptions
- Quickly test Microsoft Sentinel REST API
- Create an alert with custom entity mapping using Microsoft Sentinel REST API
- Migrate alert rules to another Azure Sentinel in the same tenant
- Azure Sentinel Threat Intelligence API
- Count number of VMs & VMSS by OS type with Resource Graph Explorer
- Trigger an on-demand Azure Policy evaluation scan at Management Group scope
- Get Vulnerability Assessment Setting of Azure SQL Server in tenant with PowerShell
- Deploy Microsoft Defender for Servers via VM ARM template
- Laterally move by abusing Log Analytics Agent and Automation Hybrid worker
- Harvest credential from Custom Script Extension on Azure VM
- Azure Sentinel near-real-time (NRT) Analytics Rule ARM Template
- Azure Sentinel custom alert named based on detected resource
- Azure Sentinel Analytics Rule ARM Template
- Part 3 – Notify container image vulnerability assessment result to email using Azure Logic App
- Part 2 – Upload container vulnerability assessment result to Azure Storage Account
- Part 1 – Quick look at CICD Integration in Azure Security Center to scan your docker image
- Notes on Azure SQL Server Auditing should be enabled policy
- Notes on Azure Backup Soft-delete feature in a cybersecurity context
- Demystify Azure DDoS Protection Azure Policy
- Create an Azure Role Assignment Watchlist in Azure Sentinel
- Notes in Azure Storage Network Restriction
- Az-500: Quick notes on AAD hybrid identity
- Deny Azure Role Assignment with Azure Policy
- Multi-homing Logging with new Azure Monitor Agent
- Everything you need to know about allowBlobPublicAccess on Storage Account
- Get Alert Relation from an Incident using Azure Sentinel Incident Relation API
- Everything you need to know about Azure Security Center Alert Suppression
- Transform Azure Sentinel incident to Log Analytics Workspace with Logic App
- Be careful when you have escape char in Key Vault secret value
- ARM template for Azure VM with Guest Configuration
- Quick look at new Azure Sentinel Incident API
- Quick notes in deploying Guest Configuration Extension on Azure VM
- Guidance for CVE-2020-0796 SMBv3 Compression vulnerability patching on Azure VM
- Filter Azure Security Center alert name in Azure Sentinel incident rule
- Alert Grouping feature in Azure Sentinel
- Add custom Azure Policy to Azure Security Center Recommendation
- Export virtual machines with ASC monitoring agent issue
- Enable Microsoft Defender ATP integration in Azure Security Center programmatically
- Threat Detection for Key Vault in Azure Security Center
- Get all comments in an Azure Sentinel incident programmatically
- Query Azure Security Security Recommendation by different ways
- Update Azure Sentinel incident programmatically
- What Blue Team needs to know about Run Script feature in Azure
- Parse ExtendedProperty in Azure Sentinel alert for Logic App use
- Notify Azure Sentinel alert to your email automatically
- Guidance for CVE Crypto and RDG vulnerability patching on Azure VM
- Enable storage account analytics logging on all storage accounts
- Authenticate with Log Analytics workspace interactively in Azure Sentinel notebooks
- Get started with Azure Sentinel Notebooks
- Demystify alert generated by Azure Sentinel versus other 3rd products
- An analysis of Suspicious Authentication activity from Azure Security Center
- Quick notes on the use of securestring in Azure Blueprints
- Create a fully customized Azure Sentinel incident
- Essential tips for building a large Azure blueprint
- Delete an Azure Sentinel incident (from ASC)
- Azure Sentinel ARM Template
- Security Monitoring and Detection Tips for your Storage Account – Part 4
- Deploy Azure Security Center Blueprint
- Azure Security Center ARM Template
- Azure Disk Encryption ARM template for Windows VM
- Deploy a healthy development Windows virtual machine
- Query your virtual machine with Azure Resource Graph
- Azure ARM Template for VM Creation with AAD Sign-in
- A few ways to acquire Azure access token with scripting languages
- Security Monitoring and Detection Tips for your Storage Account – Part 3
- Extract all Azure Sentinel incidents
- Audit Azure Security Center in your tenant
- Connect Azure Security Center to Azure Sentinel programmatically
- Walkthrough: deploy a compliance storage account blueprint
- Working with Azure Security Center Alert from Azure Sentinel
- Security Monitoring and Detection Tips for your Storage Account – Part 2
- Security Monitoring and Detection Tips for your Storage Account – Part 1
- Deploy a compliant Storage Account service
- Audit Azure App Service in your tenant
- VM Security Log to Event Hub for SIEM integration
- Be aware of Just-In-Time Azure VM
- Simulate alerts to be caught by ASC
- Catching sign-in activity of global admin
- Work with Azure Security Center alert in Log Analytics
- A bit about ASC Alert in Log Analytics workspace
- Azure RM Tool VS Code may trigger ASC alert
- Quick thought on CVE-2019-0962
- Trigger an alert when setting storage encryption with Key Vault
- Thoughts on Azure Sentinel
- Query private IP Address using Azure CLI
- Quick note on RunCommand feature on Azure VM
- Log Analytics Integration support on Azure AD
- A note behind Get-AzureKeyVaultSecret
- Notes with cross-subscription Event Hub
- Azure Firewall Role-Based Access Control
- Azure Firewall (Public Preview) Automation – Part 3
- Azure Firewall (Public Preview) Automation – Part 2
- Azure Firewall (Public Preview) Automation – Part 1
- Inconsistent password policy when updating VM password
- Azure Firewall Monitoring 101
- Quick look at Azure Firewall
- Defend your Azure virtual network with Defense In Depth strategy
- Some fun with Azure Key Vault REST API and HttpClient – Part 5
- Some fun with Azure Key Vault REST API and HttpClient – Part 4.1
- Some fun with Azure Key Vault REST API and HttpClient – Part 4
- Some fun with Azure Key Vault REST API and HttpClient – Part 3
- Some fun with Azure Key Vault REST API and HttpClient – Part 2
- Some fun with Azure Key Vault REST API and HttpClient – Part 1
- A little more about hardened Azure VM deployment
- Getting Azure AD access token via REST Call
- Connect to Azure AD using Microsoft Account with PowerShell
- Hardened Azure Virtual Machine Deployment
- Involve security consulting partner for vulnerability assessment on Azure
- Protecting your Azure virtual machine with Disk Encryption
- Security Monitoring In Azure IaaS Resources
- How much would you trust Microsoft Azure?
- Protecting your Azure Virtual Machine with Microsoft Antimalware
- Security shared responsibility in Azure IaaS
- Quick notes about self-signed certificate with Point-to-Site Azure VPN
- Microsoft Invitation makes my browser look hijacked?
- Brute-force attack mitigation on Microsoft Azure
- Enable Multi-factor authentication on the Azure Management Portal
- What is securitydata resource group in Microsoft Azure?
- Azure AD Application Proxy does not support WebSocket protocol