Episode 11

Inside Microsoft GHOST with Matt Zorich

Exploring Threat Hunting

In this episode of ThreatCast, Ru and Matt dive deep into the world of Microsoft GHOST, a specialised team focused on cybersecurity hunting within Microsoft. Matt explains the role of DART (Detection and Response Team), their work on incident response for customers dealing with ransomware and nation-state attacks, and how Microsoft telemetry plays a crucial role in detecting and mitigating threats.

Overview

Together, they explore the challenges of securing a global enterprise like Microsoft, focusing on the detection and response landscape, adversary-in-the-middle attacks, and the growing role of AI in threat detection. Matt also offers unique insights into how companies can bolster their defenses by implementing multi-factor authentication (MFA) and securing core systems like Active Directory and Azure admin portals.

Matt’s expertise is rooted in his journey through Microsoft’s DART (Detection and Response Team) and his contributions to KQL (Kusto Query Language), which are revolutionizing the way threats are hunted and neutralized across the Microsoft ecosystem.

What is covered?

Highlights