Blog
Configuring Policies in Microsoft Defender External Attack Surface Management (MDEASM) via API
This is a brief post explaining how to configure policies in Microsoft Defender External Attack Surface Management (MDEASM) through its API. Although the policies functionality has been available in MDEASM for some time, the process for configuring them via the API has, unfortunately, not yet been documented.
Analysing Formbook Malware
I was recently alerted to an email containing an attachment named 3D PICTURE DRAWING DESIGN.pdf (SHA-256: 6657978de693874ef0b1d7491ff7ecc4066631d88b1481b19d9913d56356fd81). When opened, the PDF tries to trick the user into clicking an embedded link that leads to hxxps://filebin.net/v84mk8ucvp2m702e/3D_PICTURE_DRAWING.pif
Transferring a Large File to a Target Server Using Azure DevOps, CyberArk, and Ansible
I recently needed to drop a large file onto a target Linux server where direct SCP was prohibited. The server is entirely managed using Ansible playbooks in Azure DevOps, with its credentials stored in CyberArk. Ok no problem…maybe?
From Deployment to Defense: How to Set Up Microsoft Defender External Attack Surface Management (MDEASM) using Terraform and Azure DevOps
Microsoft Defender External Attack Surface Management (MDEASM) is an Azure-based security service that helps organizations gain visibility into and manage their external attack surface. I was recently presented with the challenge of having to deploy and configure this resource entirely through code using Azure DevOps. What follows are some hopefully useful notes on how I managed to do this.