
.NET Rocks! Coding for Security with Chris Ayers
Mar 25, 2026
Chris Ayers, an Azure reliability engineer at Microsoft who speaks on cloud resiliency and security, breaks down the MITRE ATT&CK framework and why thinking like an attacker improves defenses. He covers logging and anomalous authentication, detecting data exfiltration, supply-chain risks from malicious packages, and using automation and tooling to drive detection and safer pipelines.
AI Snips
ATT&CK Shows How Attackers Actually Operate
- ATT&CK reframes defense by modeling how adversaries actually behave rather than listing vulnerabilities.
- MITRE ATT&CK catalogs tactics, techniques, and procedures from real attacks to help defenders think like attackers.
Alert On Authentication And Query Anomalies
- Do instrument and alert on anomalous user and authentication behavior such as many logins from one IP or many accounts from one IP.
- Chris Ayers and hosts recommend fingerprinting, short session expirations, and alerts for spikes to detect compromised credentials.
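
A sketch of the per-IP alerting this snip describes, added here as an illustration and not code from the episode or its guests. The event layout, the five-minute window, both thresholds and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_ACCOUNTS_PER_IP = 3        # assumed: distinct accounts tolerated from one IP
MAX_LOGINS_PER_IP = 6          # assumed: login attempts tolerated from one IP

# Constructed sample events (timestamp, source IP, account); IPs are
# documentation ranges, not real hosts.
SAMPLE_EVENTS = (
    # Ordinary user: two logins half an hour apart.
    [("2026-03-25T09:00:00", "198.51.100.20", "alice"),
     ("2026-03-25T09:30:00", "198.51.100.20", "alice")]
    # One IP cycling through five accounts, seven attempts in 30 seconds.
    + [(f"2026-03-25T10:00:{i * 5:02d}", "203.0.113.7", f"user{i % 5}")
       for i in range(7)]
    # Seven attempts spread over 24 minutes: never dense inside the window.
    + [(f"2026-03-25T11:{i * 4:02d}:00", "192.0.2.44", "bob")
       for i in range(7)]
)


def detect_auth_anomalies(events, window=WINDOW,
                          max_accounts=MAX_ACCOUNTS_PER_IP,
                          max_logins=MAX_LOGINS_PER_IP):
    """Return (timestamp, ip, rule) alerts, at most one per IP per rule."""
    recent = defaultdict(deque)  # ip -> (time, account) pairs inside window
    fired = set()                # (ip, rule) pairs that already alerted
    alerts = []
    for ts, ip, account in sorted(events):
        now = datetime.fromisoformat(ts)
        seen = recent[ip]
        seen.append((now, account))
        # Evict attempts that have aged out of the sliding window.
        while now - seen[0][0] > window:
            seen.popleft()
        checks = (
            ("many_accounts_from_ip", len({a for _, a in seen}) > max_accounts),
            ("login_spike_from_ip", len(seen) > max_logins),
        )
        for rule, hit in checks:
            if hit and (ip, rule) not in fired:
                fired.add((ip, rule))
                alerts.append((ts, ip, rule))
    return alerts


if __name__ == "__main__":
    for alert in detect_auth_anomalies(SAMPLE_EVENTS):
        print(alert)
```

Widening the window trades fewer missed slow attempts for more alerts on shared addresses such as office NAT gateways, so the thresholds need tuning against real traffic.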
Build Detection Into Your App Not Just Perimeter Defenses
- Do build good logging and detection into applications to catch post-compromise activity like lateral movement and data exfiltration.
- The panel stresses short-term mitigations like appending behavior logs and monitoring disk/log exhaustion attempts.
