Welcome to JohnCySA! A site for the Digital Forensics and Incident Response blogs written by John - Cyber Security Analyst.
'About Me' coming soon... Possibly.
I carried out some experiments to confirm which implementations of MFA in Azure AD are sufficient to protect against the TeamFiltration Exfil module's MFA bypass capabilities, should a user's credentials have been compromised.
During a single endpoint compromise investigation, I identified a cool use case for conducting forensics with Microsoft's EDR tool 'Defender for Endpoint' - lifting the veil on Incognito browsing sessions.
New blogs coming soon... Probably.