David Weston (DWIZZZLE)
Vice President, OS Security and Enterprise @Microsoft || @CISAgov Technical Advisory Committee
Aug 31, 2022 4 tweets 2 min read
Playing with @Azure Defender IOT network sensor appliance and it's 🔥 Drop a VM and get a device inventory quickly. Huge library of ICS/OT/SCADA protocols. On my test network it did a great job. You can then scan your inventory firmware for vulns with #refirmlabs MOAR deets: docs.microsoft.com/en-us/azure/de…
Aug 30, 2022 4 tweets 2 min read
Coming soon to the firmware scanning preview in Defender for IOT.

How many of the IOT, OT, and embedded devices on your network are *actually* fully patched?

Now is your chance to find out.

#refirmlabs @MsftSecIntel The thing that sold me on making Refirm labs part of Microsoft was running this on my home network and then throwing up in my mouth.
Jul 15, 2022 4 tweets 2 min read
I have gotten to the point where I am maintaining my own forks of firmware and OS for all my routers, switches, and servers. I have a weekend reminder to merge fixes and spin builds - how did I get here. My home router is now a 100GbE Arista switch running SONiC with NAT github.com/sonic-net/SONi… just need PPPoE #dwizzzlecloud
Mar 3, 2022 4 tweets 4 min read
@SwiftOnSecurity @BillDemirkapi @mattifestation WDAC policies work on both 10 and 11 with no hardware requirements down to the Home SKU, despite some FUD misinformation I have seen, so it should be your first choice. Create a policy with the Wizard and then add a deny rule, or allow specific versions of Nvidia if you need.

@SwiftOnSecurity @BillDemirkapi @mattifestation webapp-wdac-wizard.azurewebsites.net is where you get the Wizard
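The same workflow the tweet describes (start from a base policy, add a deny rule, deploy) done with the built-in ConfigCI cmdlets instead of the Wizard. This is an added example, not code from the thread or from the Wizard project; the folder C:\WDAC and the driver path C:\Drivers\example.sys are placeholders you replace with your own.

```powershell
# Added example (not from the thread): build a WDAC policy from the template
# that ships with Windows, add a deny rule for one driver, and compile it in
# audit mode first. Run in an elevated PowerShell session.
# Assumptions: C:\WDAC is a scratch folder; C:\Drivers\example.sys stands in
# for the driver you want to block.
$work = "C:\WDAC"
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Base policy: the "Allow Microsoft" template installed with every Windows SKU.
$base = Join-Path $work "AllowMicrosoft.xml"
Copy-Item "$env:windir\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml" $base

# Deny rule for the driver. FilePublisher ties the rule to signer + file name +
# version, so a newer build signed by the same publisher is still allowed
# unless you lower the level; -Fallback Hash covers an unsigned file.
$deny = New-CIPolicyRule -DriverFilePath "C:\Drivers\example.sys" `
    -Level FilePublisher -Fallback Hash -Deny

# Merge the deny rule into the base policy (deny always wins over allow).
$merged = Join-Path $work "Merged.xml"
Merge-CIPolicy -OutputFilePath $merged -PolicyPaths $base -Rules $deny | Out-Null

# Convert to multiple-policy format (fresh GUID) and enable audit mode
# (option 3) so the first boot logs what *would* be blocked instead of blocking.
Set-CIPolicyIdInfo -FilePath $merged -ResetPolicyID | Out-Null
Set-RuleOption -FilePath $merged -Option 3

# Compile to the binary the kernel loads; the file name must be the policy GUID.
$policyId = ([xml](Get-Content $merged)).SiPolicy.PolicyID
$bin = Join-Path $work "$policyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath $bin

# Deploy (no Intune needed) by copying into the active policies folder and rebooting:
#   Copy-Item $bin "$env:windir\System32\CodeIntegrity\CiPolicies\Active\"
# Review Microsoft-Windows-CodeIntegrity/Operational events 3076 (audit) and
# 3077 (enforced block); when the audit log is clean, remove option 3 with
#   Set-RuleOption -FilePath $merged -Option 3 -Delete
# and recompile to enforce.
```

Keep the audit step: a base policy that allows only Microsoft-signed code will block third-party software you rely on, and the 3076 events tell you exactly which files need allow rules before you switch to enforcement.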
Feb 16, 2022 5 tweets 1 min read
Windows 11 now has BY DEFAULT:

✅ TPM
✅ LSA PPL
✅ HVCI with block list updates
✅ credential guard
✅ enhanced sign in (Hello in VBS)

And there’s more… It’s really burning me up not to tell you about “more”
Jul 16, 2021 4 tweets 1 min read
This is awesome, Microsoft matches donations to Open Security Training! donated
Jun 3, 2021 5 tweets 2 min read
I think people are going to be excited (and scared) about getting a look at all the vulns in their BMC and SSD firmware with a VirusTotal-like web submission. With WFH I have been scanning all the stuff on my home network and it's been enlightening :) Basically, if you know how to use VirusTotal, with ReFirm you can now find real bugs in just about any firmware file. Just download it from the mfg site and drag and drop. I think it's going to really open people's eyes, and show what's been ignored for far too long.
Jan 26, 2021 7 tweets 3 min read
Just a reminder with Windows (Pro and up) there is a straightforward way to visit sites in a VM with WDAG. This means attackers need a Chrome RCE, Chrome LPE, Bypass of CI, and HV EOP. You can also use the same tech to create a super-fast throwaway VM with Visual Studio with Windows Sandbox
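Turning on the two features the tweet refers to, plus a Sandbox configuration for a throwaway VM, as an added example (not code from the thread). The host folder C:\Sandbox\in is an assumption; it is mapped read-only into the VM so whatever you open there cannot write back to the host.

```powershell
# Added example (not from the thread): enable Application Guard and Windows
# Sandbox, then write a .wsb config that maps a read-only host folder into the
# disposable VM and opens it at logon. Run elevated; both features need a reboot
# and a Pro-or-higher SKU with virtualization enabled in firmware.
# Assumption: C:\Sandbox\in is where you drop installers/samples on the host.
Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -NoRestart
Enable-WindowsOptionalFeature -Online -FeatureName Containers-DisposableClientVM -NoRestart

$hostDir = "C:\Sandbox\in"
New-Item -ItemType Directory -Path $hostDir -Force | Out-Null

# Networking is off for a detonation box; set it to Enable for a dev VM that
# has to download an installer (for example Visual Studio) at logon.
$wsb = @"
<Configuration>
  <vGPU>Disable</vGPU>
  <Networking>Disable</Networking>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$hostDir</HostFolder>
      <SandboxFolder>C:\in</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>
    <Command>cmd.exe /c start explorer.exe C:\in</Command>
  </LogonCommand>
</Configuration>
"@
$wsbPath = "C:\Sandbox\throwaway.wsb"
Set-Content -Path $wsbPath -Value $wsb -Encoding UTF8

# Launch the VM (after the reboot); everything inside is discarded on close.
# Start-Process $wsbPath
```

Everything written inside the sandbox, including anything dropped by a sample you open, is gone when the window closes; the only persistent channel is the mapped folder, which is why it is marked read-only here.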
Jan 11, 2021 4 tweets 1 min read
The biggest impediment to security on Linux is the same as Windows. It's currently much too hard for the average person to deploy hardening policies and use hardened kernels. The tyranny of the kernel conf reigns. The reality is few Linux users will ever touch a conf; you should just be able to say "sudo apt-get hardened-kernel" and be done. Until it gets there the security value will remain hidden
Jan 11, 2021 5 tweets 1 min read
New blog: All Surface PCs now enable Virtualization-based security by default. Shows significant security improvements as a result. microsoft.com/security/blog/… I am not aware of any other PC vendor doing this across the entire line of devices so massive kudos to Surface. VBS provides credential protection, blocks malicious drivers, prevents kernel code modification, and enables exploit protection (CFI, read-only memory) in the kernel.
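A local check for the defaults claimed in the Windows 11 post above and in this Surface VBS post, as an added example (not code from the thread or from Microsoft). It reads the Win32_DeviceGuard CIM class, the LSA registry key and the TPM cmdlet; enhanced sign-in and the HVCI driver block list are not covered because neither has a simple local status flag.

```powershell
# Added example (not from the thread): report whether VBS, HVCI, Credential
# Guard, LSA PPL, TPM and Secure Boot are actually active on this machine.
# Run elevated (Get-Tpm and Confirm-SecureBootUEFI require it).
function Get-VbsPosture {
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $running = @($dg.SecurityServicesRunning)   # 1 = Credential Guard, 2 = HVCI (memory integrity)
    $lsa = Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa -ErrorAction SilentlyContinue
    $tpm = Get-Tpm

    # Confirm-SecureBootUEFI throws on legacy BIOS machines; treat that as "off".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { $secureBoot = $false }

    [pscustomobject]@{
        TpmPresentAndReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
        SecureBoot         = $secureBoot
        VbsRunning         = ($dg.VirtualizationBasedSecurityStatus -eq 2)  # 0 off, 1 configured, 2 running
        Hvci               = ($running -contains 2)
        CredentialGuard    = ($running -contains 1)
        LsaPpl             = ([int]$lsa.RunAsPPL -ge 1)   # 1 = PPL with UEFI lock, 2 = PPL without UEFI lock
    }
}

# Print the posture and flag anything that is off.
$posture = Get-VbsPosture
$posture | Format-List
$posture.PSObject.Properties | Where-Object { -not $_.Value } |
    ForEach-Object { Write-Warning "$($_.Name) is not active" }
```

"Configured" is not "running": VirtualizationBasedSecurityStatus of 1 means the policy is set but the hypervisor did not start (typically virtualization disabled in firmware or an incompatible driver), which is the case this script is meant to surface.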
Dec 11, 2020 13 tweets 5 min read
I spent the last couple of months tweaking my home network security monitoring (I blame @craiu) and going through many solutions including running a giant Security Onion cluster. I found pfSense with Suricata forwarding to Azure Sentinel to be insanely cheap and lower power. Sentinel is like 50 cents a gigabyte of log data and you don't have to run a server rack or maintain. So I have a Protectli box with like a 25 watt TDP (power bill$) and it's giving me everything I would need to hunt in a small network.