The Insecurity Matters Blog

A List of Third-Party Services to Determine Indicator Badness

When an analyst is reviewing logs from various environment sources such as Azure Active Directory, perimeter firewalls, email gateways, Amazon Web Services, endpoint protection and others, they need to check for activity from other sources to make a determination that the domain, URL, or IP address (indicator) warrants further investigation/policy action/control change based on activity... Continue reading

Seamless SSO Configuration Tutorial Part 1

This configuration tutorial is for an unroutable single forest domain. Unroutable domains are any top-level domains that cannot be used on the internet such as .local. The scenario is an on-premise Active Directory domain with a Forest Functional Level of Windows Server 20102 R2 that need seamless single-sign-on (SSO) for Microsoft 365 online resources such... Continue reading

A Handy Reference for Windows Logon Types with Status and Substatus Codes

This list of logon types and status/substatus for Event ID 4625 comes from Microsoft documentation for threat-protection auditing, and is beneficial for analysts and people that are curious about what is going on in their PC. Logon type Logon title Description 2 Interactive A user logged on to this computer. 3 Network A user or... Continue reading

The Twisted Reality of Military Leadership

I’ve been mulling over writing an article about how the military, specifically the Army, fails to teach leadership and do right by soldiers at an alarming rate for some time, but when a friend of mine retweeted the thread below, I finally found the motivation to move my words from tweet storms to something more... Continue reading

Business Email Compromise: A Case Study

Update: The screen capture below was taken from the Parents Nest page on Facebook. The only parent to get through to anyone at Charter School Associates that can provide information didn’t receive any of the phishing emails and was given a head in the sand denial about the email compromise. Pinellas Academy of Math and... Continue reading