Philip Marsh
@marshsecurity.org
New blog post live for my Sentinel Saturday series!
Read the blog 👉 marshsecurity.org/sentinel-sat...

In this post, I explore the power of using Microsoft Sentinel Tasks as part of your automation workflows.

#Blueteam #Microsoft #Sentinel
#MicrosoftSentinel #CyberSecurity #SOCAutomation
Sentinel Saturday - Using Tasks with Automation
Automation is one of the biggest ways to improve output and productivity within Microsoft Sentinel. When used well, it cuts repetitive work, reduces response times, and keeps your SOC running smoothly...
marshsecurity.org
November 23, 2025 at 9:06 AM
V1.1 now released!

- Support for tracking Purview changes
- Ability to track multiple repositories
- Ability to generate RSS feeds
- Corrected a bug causing API errors
- Improved speeds
- Pull correct data instead of "repo sync"
- Added a "Last Updated" footer
🚀 Introducing... #Microsoft #Docs Tracker!

It can often be difficult to keep up-to-date with the constant changes of Microsoft #documentation. Track documentation updates across the entire #MicrosoftDocs #GitHub organization in one place, with ease!

🔗 Try it here: docstracker.marshsecurity.org
October 19, 2025 at 9:51 AM
This week’s #SentinelSaturdays covers how to write leaner, faster, more efficient KQL queries with practical examples you can use today.

#microsoft #sentinel #cybersecurity #cyber #security #tips #guide

🔗 Read the full walkthrough here: marshsecurity.org/sentinel-ski...
October 18, 2025 at 1:22 PM
🚀 Introducing... #Microsoft #Docs Tracker!

It can often be difficult to keep up-to-date with the constant changes of Microsoft #documentation. Track documentation updates across the entire #MicrosoftDocs #GitHub organization in one place, with ease!

🔗 Try it here: docstracker.marshsecurity.org
October 18, 2025 at 9:01 AM
ClickFix is emerging as a crafty threat. My latest post cuts through the noise, showing how you can defend using Microsoft tools.

🛡️ Read it here: marshsecurity.org/protecting-a...

#CyberSecurity #ZeroTrust #MicrosoftSecurity #ClickFix #Defender #Sentinel #SecOps #InfoSec #ThreatProtection
Protecting against ClickFix with the Microsoft Stack
Introduction With the growing rise of cyber attacks, and the increased detections and awareness on the back of this, cyber attacks are constantly looking for creative ways to execute code on endpoint...
marshsecurity.org
October 15, 2025 at 5:58 AM
#Microsoft have now added the ability to #restore #conditionalaccess #policies in Microsoft #Entra.
To do this, you will need to have the Conditional Access Administrator role activated.

Find out more in my latest #Blog post: marshsecurity.org/restoring-mi...
Restoring Microsoft Entra Conditional Access Policies
Microsoft have now added the ability to restore Conditional Access Policies which have been deleted in Microsoft Entra. This is really useful for inadvertent deletion scenarios. In this blog, we will...
marshsecurity.org
October 8, 2025 at 1:55 PM
#mailbombing can be a very serious #cyberthreat - These can be used to hide more nefarious activity or be leveraged by attackers as part of a wider campaign.
Find out more, and how you can protect and detect these with #Microsoft tooling in my #blog: marshsecurity.org/protecting-a...
#cybersecurity
Protecting against Email Bombs with Microsoft Tooling
As the world becomes more and more connected, and digital technologies continue to evolve, email remains a critical tool for communications both for individuals and for commercial use. Email security ...
marshsecurity.org
October 8, 2025 at 1:54 PM
Reposted by Philip Marsh
🚨 #infosec Pros: Are you really in control of what runs in your #Windows estate?

Learn how to assess what #software is in your estate, and what gotchas to watch out for on part one of your #app control journey!

Read the full post 👉 marshsecurity.org/application-...

#cyber #security #microsoft
Application Control - Part 1 - The dangers of allowing software
ℹ️This blog post is part of a series of posts that delve into Application Control on Windows. This series will explore the risks involved in not controlling applications, as well as the ways in which ...
marshsecurity.org
May 7, 2025 at 7:41 PM
Inspired by the amazing resource of @devfender.bsky.social (github.com/jkerai1/Soft...), I created a #Github #Actions workflow allowing users to raise an issue using a form template. The action then extracts the certificate and commits it back to the #repo, updating the README file.
#cybersecurity
March 15, 2025 at 10:37 AM
Having issues deploying #microsoft #edge extensions across multiple #configuration profiles.

We are trying to split the “silently install extensions” across 1 config per extension (easier management) but once one is applied, others say there is a conflict.

Does anyone know if this is possible?
February 5, 2025 at 7:06 AM
Reposted by Philip Marsh
In my latest #blog I explore the wonderful world of #docker and how to ensure a #securityfirst implementation.

#cyber #security #homelab #technology

Read more:
marshsecurity.org/securing-doc...
January 19, 2025 at 4:40 PM
After discovering that NetBIOS settings aren’t available in #intune #settings, I have created a #script to disable this and will have to look into a #compliance #policy to ensure that this is disabled across the estate.

I have shared my #netbios and #llmnr script here:

github.com/Marshyp/Secu...
Security-Scripts/Endpoint/NetBIOS&LLMNR at main · Marshyp/Security-Scripts
Scripts for general Cyber Security functions/tasks - Marshyp/Security-Scripts
github.com
January 7, 2025 at 6:54 AM
After a chat in the #Microsoft #EMS server, I decided to build an automated app tester using WSB.
This solution obtains hashes and pushes the installer to VirusTotal for checking.

Check it out here: github.com/marshyp/sote...

#secops #cybersecurity #devops #cyber #powershell
GitHub - Marshyp/Soteria: Soteria is an automated tool for testing software and creating WDAC policies around the software. This project is currently a WIP
Soteria is an automated tool for testing software and creating WDAC policies around the software. This project is currently a WIP - Marshyp/Soteria
github.com
December 1, 2024 at 10:57 AM
Exploring automating #docker backups to GitHub, retaining historical backups of containers, volumes and compose.yml files for #automation #devsecops #cyber #cybersecurity

Read my blog here: marshsecurity.org/backing-up-d...
Backing up Docker volumes with ease
We all know that it is important to ensure that our services and systems are regularly backed up. Recently, I have had a number of people asking about backups for Docker volumes - particularly with re...
marshsecurity.org
November 25, 2024 at 4:27 PM
Exploring how to bring #cybersecurity closer to home with DNS (Yes, it's always DNS) using NextDNS for an easy win.
Read more: marshsecurity.org/dns-protecti...
With thanks to @devfender.bsky.social for the push to blog!
DNS Protection with NextDNS
It's always DNS. Even when it's not. The issue As we know, the internet is full of potentially malicious sites, which our users, families and significant others can navigate to at any moment. It is...
marshsecurity.org
November 24, 2024 at 4:53 PM