Cloud based email open on PC Education

Business Email Compromise Check List

As part of my Cyber SOC GitHub repo I’ve put together lots of resources to try and help people with some common cyber security tasks, applicable to CISOs through to SOC analysts.

I also want to highlight one of the most common incident types if you are an Office 365 customer is a business email compromise scenario, so I’ve put together a high level view of the steps you might want to take after a BEC event is discovered:

Read more “Business Email Compromise Check List”
Defense

Defending Against Direct Authentication Attacks in Microsoft Office 365

Whilst conducting security testing and assurance activities, I went looking to show logon events in Office 365. My first query was on IdentityEvents, this led to a view of a multi month attack by a threat actor/s against a tenent, followed by exploring the rabbit hole of logs and computer systems. This blog summarises some of the methods and findings when considering threat hunting and authentication defences for Office 365. (bear with me I am tired so this might need a bit of a tune up later!)

Read more “Defending Against Direct Authentication Attacks in Microsoft Office 365”
Guides

Reporting an email as phishing in Office 365 with…

Did you ever just ignore or delete a phishing email? I mean that’s great in one sense that you won’t have any negative impact. But if the email did get past the mail security filters, you can report it using the “Mark as phishing” option.

What if as well you wanted to not only enable users to report but also pass the intelligence onto the NCSC Suspicious Email Reporting Service (SERS)? How cool would that be! Well, have no fear people, we are going to show you how easy this stuff is to deploy and configure. Read more “Reporting an email as phishing in Office 365 with NCSC SERS”

Copyright (c) Xservus Limited