Detecting Twill Typhoon VS Code Exploit

Author: Steven Lim | Released: 9/16/2024

Detecting Windows Downdate Abuse

Author: Steven Lim | Released: 9/14/2024

Identify Suspicious Certificates In Endpoints With Zero Keysize And No Signature Algorithm

Author: Michalis Michalos | Released: 9/13/2024

Interactive Web Login

Author: Rod Trent | Released: 9/13/2024

Detect External Sources Scanning My Exposed Devices

Author: Sergio Albea | Released: 9/13/2024

MDE TVM Exposure Level

Author: Alex Verboon | Released: 9/12/2024

Office365 Customer Lockbox

Author: Alex Verboon | Released: 9/12/2024

Office365 Recycled Restored

Author: Alex Verboon | Released: 9/12/2024

Microsoft September Updates

Author: Sergio Albea | Released: 9/11/2024

Entra Roles Report

Author: Bert-Jan Pals | Released: 9/9/2024

Devtunnelcodetunneling

Author: Ali Hussein | Released: 9/9/2024

Devtunnel Registry

Author: Ali Hussein | Released: 9/9/2024

Dev Tunnel File Events

Author: Ali Hussein | Released: 9/9/2024

Dev Tunnelnetworkdetection

Author: Ali Hussein | Released: 9/9/2024

Potential Threats Or Network Anomalies Related To ICMP Inbound Connections

Author: Sergio Albea | Released: 9/9/2024

Check For Entra Legacy TLS Login

Author: Steven Lim | Released: 9/8/2024

Check For Azure Outdated Security Protocols

Author: Steven Lim | Released: 9/8/2024

Threat Hunting Azure Hound Usage

Author: Steven Lim | Released: 9/7/2024

Detecting BYOVDLL Abuse

Author: Steven Lim | Released: 9/6/2024

MDE TVM EDR Sensor Update

Author: Alex Verboon | Released: 9/5/2024

M365 Copilot Plugins Inventory Analysis

Author: Steven Lim | Released: 9/5/2024

Entra Group Membership Report

Author: Bert-Jan Pals | Released: 9/4/2024

Unique Actions

Author: Bert-Jan Pals | Released: 9/3/2024

Soc Ghoulish

Author: Rod Trent | Released: 9/3/2024

Non Supported Agent Version Required For The Contain User Action By Attack Disruption

Author: Sergio Albea | Released: 9/3/2024

Monitor Privilege User SSPR

Author: Steven Lim | Released: 9/3/2024

Identifying Methods Used To Establish Secure Communication Over Insecure Channels

Author: Sergio Albea | Released: 9/1/2024

Detecting EDR Killing Tool

Author: Steven Lim | Released: 8/31/2024

Identify Endpoint Browser Extensions With Can Turnoff Malware Protections Permissions

Author: Michalis Michalos | Released: 8/29/2024

Communication At Risk Due To The Encryption Algorithms Ciphers In Use

Author: Sergio Albea | Released: 8/29/2024

Threat Hunting Microsoft Sway Quishing

Author: Steven Lim | Released: 8/28/2024

Nltest Discovery

Author: Bert-Jan Pals | Released: 8/27/2024

Threat Hunting BYOVD Scenarios

Author: Steven Lim | Released: 8/27/2024

Getsystemelevation C Smetasploit

Author: Ali Hussein | Released: 8/27/2024

Role Report

Author: Bert-Jan Pals | Released: 8/26/2024

Threat Hunting With MDE Device Discovery And Seen By Enrichment Function

Author: Steven Lim | Released: 8/26/2024

Adfind Detection

Author: Ali Hussein | Released: 8/26/2024

Group Membership Report

Author: Bert-Jan Pals | Released: 8/25/2024

Peaklightinfection

Author: Ali Hussein | Released: 8/25/2024

Enriching CVE Tables With CVE Mitre Data

Author: Sergio Albea | Released: 8/25/2024

H

Author: Steven Lim | Released: 8/25/2024

How Many Crowdstrike Clients Running On Microsoft Azure Globally

Author: Steven Lim | Released: 8/25/2024

Use Exposure Management To Identify Local Ntlm Hashes From Sensitive Users

Author: Michalis Michalos | Released: 8/23/2024

Use Exposure Management To Chart User Groups With Local Admin Privileges

Author: Michalis Michalos | Released: 8/23/2024

CVE 2024 7971 Patch Prioritization

Author: Steven Lim | Released: 8/22/2024

Email Bad Reputation ASN Activities

Author: Sergio Albea | Released: 8/22/2024

Infrastructure Vulnerability Exposure To Volt Typhoon

Author: Steven Lim | Released: 8/22/2024

Entra ID Administrative Role AD Sync

Author: Steven Lim | Released: 8/21/2024

MDE Remote Image Loads

Author: Bert-Jan Pals | Released: 8/20/2024

One Drive Sync From Rare IP

Author: Bert-Jan Pals | Released: 8/20/2024