Hacks Weekly #51 Investigating Risky Events Azure AD

Welcome to another episode of CQURE Hacks Weekly – Investigating Risky Events Azure AD. This time we’re going to discuss how Azure AD Identity Protection is used to detect, analyze and investigate risky events related to user identities. You’ll learn how to configure User and Sign-in risk policies in Azure Portal, and how to use conditional access to specify cloud apps, user groups, and security requirements.

We will also find out why it is important to use log data to detect risky sign-ins from locations not defined in conditional access or from the Tor network, and to protect against external threats that may attempt to gain unauthorized access to company accounts.


Hacks Weekly #50 Network Traffic Analysis

Welcome to another episode of CQURE Hacks Weekly. This time we will focus on network traffic analysis with a special scenario – Neutrino Exploit Kit.

Network Traffic Analysis (NTA) is a comprehensive security process that enables intercepting and examining network activity in order to deduce suspicious events and security issues. Analyzing what, when, and where data is flowing across different parts of the network is crucial for IT Pros, as they should be able to identify irregular operations and react.


Hacks Weekly #49 Introduction to Boot Monitoring

Capturing and analyzing system boot and resume performance data is very useful when troubleshooting slow boot times.

In general, changes in the boot process may indicate that the system has been compromised. Boot monitoring can detect, or support our deduction of, the presence of malware, as we can review suspicious activities.

Boot monitoring may also help with the performance of the system by identifying bottlenecks in the process.

Let’s start with our Introduction to Boot Monitoring. 
