Geekmaster 👽
This is why you configure #ASR rules in #Defender and also switch to #Kerberos rather than #NTLM #SecureYourEnterprise before you get #hacked https://research.ifcr.dk/pass-the-challenge-defeating-windows-defender-credential-guard-31a892eee22
Also be sure to turn on these monitoring policies in #DefenderForCloudApps so you can #CatchTheHacker before they get too deep, whether you switch to #Kerberos or not. #NetworkSegregation is also a great #LayeredDefense method to ensure if one system is compromised the attacker can't use #SMBtraversal to get to all your computers, globally. #EternalBlue source code is still being used to get to #DCs via #Trikbot evolutions, after #Phishing a user with #LocalAdmin privileges, to execute #mimikatz against #ActiveDirectory to steal all the objects. #YesThisHappened