Fixed syntax issues and Gemfile

Cloud-Architekt · Dec 2, 2023 · 036c91c · 036c91c
1 parent 461513a
commit 036c91c
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 15 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,10 +1,15 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.0.7.2)
+    activesupport (7.1.2)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
     addressable (2.8.5)
       public_suffix (>= 2.0.2, < 6.0)
@@ -14,27 +19,33 @@ GEM
     algoliasearch (1.27.5)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
+    base64 (0.2.0)
+    bigdecimal (3.1.4)
     coffee-script (2.4.1)
       coffee-script-source
       execjs
     coffee-script-source (1.11.1)
     colorator (1.1.0)
     commonmarker (0.23.10)
     concurrent-ruby (1.2.2)
+    connection_pool (2.4.1)
     dnsruby (1.70.0)
       simpleidn (~> 0.2.1)
+    drb (2.2.0)
+      ruby2_keywords
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
     ethon (0.16.0)
       ffi (>= 1.15.0)
     eventmachine (1.2.7)
-    execjs (2.8.1)
-    faraday (2.7.10)
+    execjs (2.9.1)
+    faraday (2.7.12)
+      base64
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-net_http (3.0.2)
-    ffi (1.15.5)
+    ffi (1.16.3)
     filesize (0.2.0)
     forwardable-extended (2.6.0)
     gemoji (3.0.1)
@@ -213,7 +224,7 @@ GEM
       gemoji (~> 3.0)
       html-pipeline (~> 2.2)
       jekyll (>= 3.0, < 5.0)
-    json (2.6.3)
+    json (2.7.0)
     kramdown (2.3.2)
       rexml
     kramdown-parser-gfm (1.1.0)
@@ -227,8 +238,9 @@ GEM
       jekyll (>= 3.5, < 5.0)
       jekyll-feed (~> 0.9)
       jekyll-seo-tag (~> 2.1)
-    minitest (5.19.0)
-    nokogiri (1.15.4-x86_64-linux)
+    minitest (5.20.0)
+    mutex_m (0.2.0)
+    nokogiri (1.15.5-x86_64-linux)
       racc (~> 1.4)
     octokit (4.25.1)
       faraday (>= 1, < 3)
@@ -237,7 +249,7 @@ GEM
       forwardable-extended (~> 2.6)
     progressbar (1.13.0)
     public_suffix (4.0.7)
-    racc (1.7.1)
+    racc (1.7.3)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
@@ -258,15 +270,15 @@ GEM
       unf (~> 0.1.4)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
-    typhoeus (1.4.0)
+    typhoeus (1.4.1)
       ethon (>= 0.9.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     tzinfo-data (1.2023.3)
       tzinfo (>= 1.0.0)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8.2)
+    unf_ext (0.0.9.1)
     unicode-display_width (1.8.0)
     verbal_expressions (0.1.5)
 
@@ -285,4 +297,4 @@ DEPENDENCIES
   tzinfo-data
 
 BUNDLED WITH
-   2.4.18
+   2.4.10
diff --git a/_posts/2023-03-20-abuse-detection-live-response-tier0.md b/_posts/2023-03-20-abuse-detection-live-response-tier0.md
@@ -319,7 +319,7 @@ machineActions_CL
 | project TimeGenerated, id, type, status, commands, computerDnsName, Tags, requestor, requestorComment
 ```
 
-<a href="{{ site.url }}{{ site.baseurl }}/assets/images/2023-03-20-abuse-detection-live-response-tier0/LiveResponse17.png"><img src="{{{ site.url }}{{ site.baseurl }}/assets/images/2023-03-20-abuse-detection-live-response-tier0/LiveResponse17.png" alt="KQL query" /></a>
+<a href="{{ site.url }}{{ site.baseurl }}/assets/images/2023-03-20-abuse-detection-live-response-tier0/LiveResponse17.png"><img src="{{ site.url }}{{ site.baseurl }}/assets/images/2023-03-20-abuse-detection-live-response-tier0/LiveResponse17.png" alt="KQL query" /></a>
 
 _MachineAction events will be correlated with classification of "High Value Assets" which allows to filter for Tier0 assets_
 

diff --git a/_posts/2023-12-02-entra-workload-id-threat-detection.md b/_posts/2023-12-02-entra-workload-id-threat-detection.md
@@ -1,10 +1,10 @@
 ---
 title: "Microsoft Entra Workload ID - Threat detection with Microsoft Defender XDR and Sentinel"
-excerpt: "Attack techniques (has shown that service principals will be used for initial and persistent access (to create a "backdoor" in Microsoft Entra ID). This has been used, for example as part of the NOBELIUM attack path. Abuse of privileged Workload identities for exfiltration and privilege escalation are just another further steps in such attack scenarios. In this part, we will have a closer look on monitoring workload identities with Identity Threat Detection Response (ITDR) by Microsoft Defender XDR, Microsoft Entra ID Protection and Microsoft Sentinel."
+excerpt: "Attack techniques (has shown that service principals will be used for initial and persistent access (to create a backdoor in Microsoft Entra ID). This has been used, for example as part of the NOBELIUM attack path. Abuse of privileged Workload identities for exfiltration and privilege escalation are just another further steps in such attack scenarios. In this part, we will have a closer look on monitoring workload identities with Identity Threat Detection Response (ITDR) by Microsoft Defender XDR, Microsoft Entra ID Protection and Microsoft Sentinel."
 header:
-  overlay_image: /assets/images/2023-08-22-entra-workload-id-lifecycle-management-monitoring/workloadid-lifecycle.png
+  overlay_image: /assets/images/2023-12-02-entra-workload-id-threat-detection/workloadidthreatdetection.png  png
   overlay_filter: rgba(102, 102, 153, 0.85)
-  teaser: /assets/images/2023-08-22-entra-workload-id-lifecycle-management-monitoring/workloadid-lifecycle.png
+  teaser: /assets/images/2023-12-02-entra-workload-id-threat-detection/workloadidthreatdetection.png
 
 search: true
 toc: true