Rob rdmershon

@rdmershon
rdmershon / gist:819fa7f5a65c5905f99e808cc5bdd1d1
Created June 10, 2025 01:21
SQL I can't remember, relationships between two tables pt.2
Foreign keys are used to establish relationships between tables. Typically, we use a primary key in one table and a foreign key in another table to create a one-to-one or a one-to-many relationship between those two tables.
In a one-to-one relationship, one table serves as a parent table and the other table serves as a child table. With a foreign key constraint, a record must exist in the parent table before a related record can be added to the child table. In other words, a record in the child table must have a related record in the parent table.
rdmershon / MDE Settings Intune.xlsx - Sheet1.csv
Last active March 25, 2025 18:26
MDE Intune Baseline Settings (2024)
| MDE Setting (Intune) | What does it do? | Intune Notes |
| --- | --- | --- |
| Allow Archive Scanning | Scans the archive files. | On |
| Allow Behavior Monitoring | Turns on real-time behavior monitoring. | On |
| Allow Cloud Protection | Ties MDE into MS's Cloud hosted threat intel | On |
| Allow Email Scanning | Turns on email scanning. | On |
| Allow Intrusion Prevention System | Monitors for network connections to malicious IOCs | On |
| Allow scanning of all downloaded files and attachments | Allow scanning of all downloaded files and attachments | On |
| Allow Realtime Monitoring | Turns on and runs the real-time monitoring service. | On |
| Allow Scanning Network Files | Scans network files | On |
| Allow Script Scanning | Allows the scanning of scripts | On |
rdmershon / Top 12 Immutable Laws of CyberSecurity.txt
Last active May 1, 2025 19:14
Top 12 Immutable Laws of CyberSecurity
#I added two laws so I remember them
Top 12 Immutable Laws of CyberSecurity
Law #1: The price of security is eternal vigilance.
Law #2: In an investigation, you always need the logs you don't have.
Law #3: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
Law #4: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
Law #5: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
Law #6: If you allow a bad guy to upload programs to your website, it’s not your website any more
Law #7: Weak passwords trump strong security
Law #8: A computer is only as secure as the administrator is trustworthy
rdmershon / CheckADCredsLDAP.ps1
Created May 6, 2024 18:57
Check AD Creds Powershell
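$cred = Get-Credential # Read credentials
$username = $cred.UserName
$password = $cred.GetNetworkCredential().Password
# Get current domain using logged-on user's credentials
$CurrentDomain = "LDAP://" + ([ADSI]"").distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain,$username,$password)
# A failed bind leaves the entry's name property empty
if ($null -eq $domain.name)
{
    # The gist preview ends at the opening brace; the branch bodies are a minimal completion
    Write-Host "Authentication failed"
}
else
{
    Write-Host "Authentication succeeded"
}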
rdmershon / WindowsEventIDsThanksNSA.txt
Created February 2, 2024 19:50
Windows DC Event IDs but diet (NSA recommendations and MS recommendations).
| Event ID | Notes |
| --- | --- |
| 104 | Event Log was Cleared |
| 403 | access to the requested resource is forbidden |
| 410 | DNS server list of restricted interfaces does not contain a valid IP address for the server computer |
| 411 | a device driver attempts to load during the Plug and Play (PnP) process but fails to do so. |
| 412 | Task Scheduler service failed to launch |
| 413 | Unable to create a new logfile because the database cannot write to the log drive |
| 500 | DNS server has detected that the zone %1 has invalid or corrupted registry data. |
| 501 | DNS Server zone %1 has missing or corrupted zone type in registry. |
| 1074 | Shutdown Initiate Failed |
rdmershon / DFIR notes on Office 365.txt
Created December 5, 2023 21:42
DFIR notes on Office 365
Key note: connections from third-party clients will not log MailItemsAccessed. :(
Unified Audit Log for Office 365 breaches
https://learn.microsoft.com/en-us/purview/audit-log-investigate-accounts
##Good scanner evasion technique
nmap -f -T2 --data-length 8 --randomize-hosts -ttl 58 [targets]
##Enumerate host details, like what's running on 3389
nmap -sV
rdmershon / Monitoring Exchange 2013 and newer
Created October 23, 2023 15:34
Monitoring Exchange 2013 and newer
###Hunting in the platforms
https://m365internals.com/2022/10/07/hunting-in-on-premises-exchange-server-logs/
#####Hunting for compromised mailbox logs
Get where IMAP and POP logs are stored.
Get-ImapSettings | format-list
Get-PopSettings | format-list
Get where Exchange logs are stored.
Get-FrontendTransportService -Identity YourServerName | fl ReceiveProtocolLogPath
rdmershon / SQL I can't remember
Last active June 14, 2024 19:43
SQL Shortcuts
-- Select rows where a column falls within a range of values
SELECT *
FROM invoice
WHERE total BETWEEN 15 AND 25;
-- Match rows where the city column contains 'ue'
SELECT *
FROM customer
WHERE city LIKE '%ue%';
rdmershon / books.csv
Created September 24, 2023 03:09 — forked from jaidevd/books.csv
| Title | Author | Genre | Height | Publisher |
| --- | --- | --- | --- | --- |
| Fundamentals of Wavelets | Goswami, Jaideva | signal_processing | 228 | Wiley |
| Data Smart | Foreman, John | data_science | 235 | Wiley |
| God Created the Integers | Hawking, Stephen | mathematics | 197 | Penguin |
| Superfreakonomics | Dubner, Stephen | economics | 179 | HarperCollins |
| Orientalism | Said, Edward | history | 197 | Penguin |
| Nature of Statistical Learning Theory, The | Vapnik, Vladimir | data_science | 230 | Springer |
| Integration of the Indian States | Menon, V P | history | 217 | Orient Blackswan |
| Drunkard's Walk, The | Mlodinow, Leonard | science | 197 | Penguin |
| Image Processing & Mathematical Morphology | Shih, Frank | signal_processing | 241 | CRC |