Matt Zorich (@reprise_99)'s Twitter Profile
Matt Zorich

@reprise_99

security @ @Microsoft | aka.ms/KQLMSPress | Tweets are my own

ID: 1236474520757628928

Link: https://github.com/reprise99 | Joined: 08-03-2020 02:11:52

4.4K Tweets

13.13K Followers

2.2K Following

Matt Zorich (@reprise_99):

Happy 4th of July to all my amazing US friends 🗽🇺🇸 to celebrate I am going to watch the most American movie ever, what are your recommendations? Independence Day, Armageddon?

Matt Zorich (@reprise_99):

If permissions on the Domain Users group are out of control, you can always just not have anyone in it. Instead of trying to remove privilege assigned to Domain Users across all your systems, it may be easier to just take all your users out of it and not use that group at all.

Matt Zorich (@reprise_99):

This is also because a threat actor is quite likely to be operating from a device not under your management, so your tools aren't deployed to it, or they are using a vector not covered by security tools like social engineering. This is what makes device compliance such a strong

Matt Zorich (@reprise_99):

The secure networks pillar of our broader Zero Trust guidance has been published. It is an immensely comprehensive guide that covers recommendations for a modern network perimeter, including technologies like SASE/ZTNA as well as network encryption and threat detection -

Matt Zorich (@reprise_99):

Persistent graphs are now in preview in Azure Data Explorer; these graphs are durable database objects that persist through individual queries vs the transient ones created through the make-graph operator - learn.microsoft.com/en-us/kusto/ma…

Matt Zorich (@reprise_99):

New in the Defender XDR advanced hunting platform, GraphApiAuditEvents - any blue team, threat hunter or those working on detections should make sure they get familiar with this data, it can be key for detecting malicious activity in your environment. It shows information about

Matt Zorich (@reprise_99):

Kusto can let you do time of day (or day of week) queries with no additional magic required. A good example here for detecting PIM activations outside of working hours. It will find someone who activates PIM outside business hours or on a weekend having never done it previously.
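One way to write the detection described in that tweet, as an added example rather than the author's own query: it baselines each user's PIM activations over 90 days and alerts on an activation outside business hours or on a weekend by a user who has never done so before. It assumes the Microsoft Sentinel AuditLogs table, the "Add member to role completed (PIM activation)" operation name, an Australia/Sydney 08:00-18:00 Monday-to-Friday business day, and that the role name sits in TargetResources[0]; adjust these to your environment.

```kusto
// Added example, not from the original tweet. Assumptions: Sentinel AuditLogs,
// the PIM activation OperationName below, business hours 08:00-18:00 Mon-Fri
// in the Australia/Sydney timezone, role name in TargetResources[0].
let lookback = 90d;          // history used to build each user's baseline
let recent = 1d;             // window of new activations to alert on
let tz = "Australia/Sydney"; // assumed local timezone; AuditLogs timestamps are UTC
let activations =
    AuditLogs
    | where TimeGenerated > ago(lookback)
    | where OperationName == "Add member to role completed (PIM activation)"
    | where Result == "success"
    | extend Actor = tostring(InitiatedBy.user.userPrincipalName)
    | extend Role = tostring(TargetResources[0].displayName)
    | extend LocalTime = datetime_utc_to_local(TimeGenerated, tz)
    // hourofday() gives 0-23; dayofweek() returns a timespan, 0d = Sunday, 6d = Saturday
    | extend Hour = hourofday(LocalTime), Day = dayofweek(LocalTime)
    | extend OutsideHours = Hour < 8 or Hour >= 18 or Day == 0d or Day == 6d;
// Baseline: users who activated PIM before the recent window, never outside hours
let baseline =
    activations
    | where TimeGenerated < ago(recent)
    | summarize PriorActivations = count(), PriorOutsideHours = countif(OutsideHours) by Actor
    | where PriorOutsideHours == 0;
// Alert: first-ever out-of-hours or weekend activation by a baselined user
activations
| where TimeGenerated >= ago(recent) and OutsideHours
| join kind=inner baseline on Actor
| project TimeGenerated, LocalTime, Actor, Role, Hour, Day, PriorActivations
```

Users with no prior activations at all are excluded by the inner join; drop the join or use kind=leftanti against a separate "seen before" set if first-time activators should alert too.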

Matt Zorich (@reprise_99):

Less worrying about kids using social media, more worrying about parents when kids find their own parents social media accounts

Security Response (@msftsecresponse):

Microsoft is aware of active attacks targeting on-premises SharePoint Server customers, exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. We have outlined mitigations and detections in our blog. Our team is working urgently to release