A blue security person and aspiring maker and breaker of all the things, with interests from DFIR to DevOps. Currently architecting and implementing solutions to challenges in security operations and beyond for three years.
A golden goose of Microsoft and a secret weapon in a defender's world... Yet what is it, and how does it work? How can we use it to detect evil when our EDR does not? This talk looks at the practical (ab)uses, drawbacks, and considerations of the Microsoft Threat Intelligence Event Tracing for Windows (ETW) log provider, contextualized to a SOC environment running on Microsoft Defender for Endpoint.