AWS No Such Bucket Check

AWSCloudTrail
Author: Steven Lim
Released: February 6th, 2025

Entra QR Code Sign In KQL Detection

AuditLogs
Author: Steven Lim
Released: February 6th, 2025

Defender XDR Custom Detection Modifications

CloudAppEvents
Author: Jay Kerai
Released: February 5th, 2025

MDE MMA Agent Cleanup

DeviceNetworkEvents, DeviceProcessEvents
Author: Alex Verboon
Released: February 5th, 2025

Antivirus Domains MDE Device Network Events

DeviceNetworkEvents
Author: Jay Kerai
Released: February 5th, 2025

MDE Windows11 Issues OS Build 26100 2033

DeviceTvmSoftwareVulnerabilities, DeviceInfo
Author: Alex Verboon
Released: February 5th, 2025

MDE Usage Latest

Usage, DeviceFileEvents, DeviceProcessEvents, DeviceLogonEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceNetworkInfo, DeviceInfo, DeviceImageLoadEvents, DeviceEvents, DeviceFileCertificateInfo
Author: Alex Verboon
Released: February 5th, 2025

Windows OLE Zero Click Vulnerability Let Attacker To Execute Arbitrary Code

EmailAttachmentInfo, EmailEvents
Author: Sergio Albea
Released: February 4th, 2025

Crowdstrike Impersonation During Global Outage

CrowdstrikeIOCs, EmailUrlInfo, EmailEvents, DeviceNetworkEvents
Author: Jay Kerai
Released: February 4th, 2025

Block List Project Device Network Events

DeviceNetworkEvents
Author: Jay Kerai
Released: February 4th, 2025

Adult Content MDE Device Network Events

DeviceNetworkEvents
Author: Jay Kerai
Released: February 4th, 2025

Sysinternals Tools Zero Day Vulnerability Detection

SysinternalsTools, DeviceEvents
Author: Steven Lim
Released: February 4th, 2025

Extracting Bits Of TCP Flags

DeviceNetworkEvents
Author: Sergio Albea
Released: February 3rd, 2025

Audit Logs Azure RBAC Elevated Access

AuditLogs
Author: Jose Sebastián Canós
Released: February 3rd, 2025

Active Directory Domain Services Elevation Of Privilege Vulnerability CVE-2025-21293

DeviceInfo, DeviceEvents, DeviceRegistryEvents
Author: Steven Lim
Released: February 2nd, 2025

ROSTI Repackaged Open Source Intelligence MDE Network Events IOC Hits

DeviceNetworkEvents
Author: Jay Kerai
Released: February 1st, 2025

ROSTI Repackaged Open Source Intelligence MDE File Events IOC Hits

DeviceFileEvents
Author: Jay Kerai
Released: February 1st, 2025

Hunting Rogue Endpoints Via SMB Detection

DeviceEvents
Author: Steven Lim
Released: February 1st, 2025

Anonymous Email Sending Domains MDE Traffic

DeviceNetworkEvents
Author: Jay Kerai
Released: January 31st, 2025

Global Admin Elevations To User Access Administrator At Root Level

AuditLogs
Author: Jay Kerai
Released: January 31st, 2025

Windows File Explorer Elevation Of Privilege Vulnerability CVE-2024-38100 Exploited

DeviceProcessEvents, DeviceInfo
Author: Sergio Albea
Released: January 30th, 2025

Detect Malicious Impersonation Of Deepseek Domains In Email URLs

EmailUrlInfo, EmailEvents
Author: Steven Lim
Released: January 29th, 2025

Detect User Request Token For Admin App

SigninLogs, IdentityInfo
Author: Robbe Van den Daele
Released: January 28th, 2025

Securing Your Azure Cloud Finding The Weakest Link In Admin Endpoints

ExposureGraphEdges, ExposureGraphNodes
Author: Steven Lim
Released: January 28th, 2025

Detect Token Stealing With WDAC

DeviceEvents
Author: Robbe Van den Daele
Released: January 26th, 2025

Detect Suspicious CA Changes

AuditLogs
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt NNR Health Issues

DeviceNetworkInfo, DeviceNetworkEvents
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt Devices Supporting MDE Containment

DeviceInfo
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt Public Devices With Tag

DeviceInfo
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt Organize Devices By Subnet

DeviceNetworkInfo, DeviceInfo
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt Public Devices Without Tag

DeviceNetworkEvents
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt Public Devices Over Time

DeviceInfo
Author: Robbe Van den Daele
Released: January 26th, 2025

Detect CVE Exploit For Vulnerable Device

DeviceTvmSoftwareVulnerabilities, DeviceNetworkEvents
Author: Robbe Van den Daele
Released: January 26th, 2025

RID Hijacking Technique And Detection

DeviceEvents, DeviceRegistryEvents
Author: Steven Lim
Released: January 26th, 2025

Leveraging Spamhaus Drop List To Identify Suspicious Connections In CommonSecurityLog Table

CommonSecurityLog
Author: Michalis Michalos
Released: January 26th, 2025

Leveraging Spamhaus Drop List To Identify Delivered Emails From Suspicious Source IPs

EmailEvents
Author: Michalis Michalos
Released: January 26th, 2025

CEF To Common Security Log

source
Author: Robbe Van den Daele
Released: January 25th, 2025

Azure Subscription Budget Deletion

AzureActivity
Author: Jay Kerai
Released: January 24th, 2025

AAD Non Interactive User Sign In Logs Unexpected Failures In Non Interactive Authentications From An App

AADNonInteractiveUserSignInLogs
Author: Jose Sebastián Canós
Released: January 24th, 2025

Hunting Fake Reddit Sites Push Lumma Stealer Malware Part 2

FakeRedditLummaS, DeviceNetworkEvents
Author: Steven Lim
Released: January 24th, 2025

Hunting Fake Reddit Sites Push Lumma Stealer Malware Part 1

EmailUrlInfo, EmailEvents
Author: Steven Lim
Released: January 24th, 2025

AAD Non Interactive User Sign In Logs Unexpected Authentication From Windows Azure Active Directory App

AADNonInteractiveUserSignInLogs
Author: Jose Sebastián Canós
Released: January 23rd, 2025

Entra ID SSPR Configuration Changes

AuditLogs
Author: Alex Verboon
Released: January 22nd, 2025

Azure AD Enterprise Apps Disabled

AuditLogs
Author: Alex Verboon
Released: January 22nd, 2025

Azure AD PIM Group Members

IdentityInfo
Author: Alex Verboon
Released: January 22nd, 2025

Entra ID Suspicious Activity Reported

AuditLogs
Author: Alex Verboon
Released: January 22nd, 2025

PowerShell Executions From Clipboard

DeviceEvents, DeviceProcessEvents
Author: Bert-Jan Pals
Released: January 22nd, 2025

Fortigate Belsen Leak KQL Check

CommonSecurityLog
Author: Steven Lim
Released: January 22nd, 2025

Last Check In Arc Machines

Resources, Heartbeat
Author: Bert-Jan Pals
Released: January 20th, 2025

Identify Mail Items Accessed By A Specific IP Address CISA

AADSignInEventsBeta, CloudAppEvents
Author: Jay Kerai
Released: January 20th, 2025