Our Sponsors ❤️
Cloudflared Tunnel
DeviceProcessEvents
Author: C.J. MayReleased: June 20th, 2025
External Attack Surface Monitoring KQL
ExposureGraphNodesDeviceNetworkEvents
Author: Steven LimReleased: June 18th, 2025
Social Engineering Attack Detection
EmailEventsDeviceNetworkEventsRMMList
Author: Steven LimReleased: June 18th, 2025
User Account Deletion
SecurityEvent
Author: Bert-Jan PalsReleased: June 16th, 2025
Detect Cred Add To Connect Sync Application
AuditLogs
Author: Robbe Van den DaeleReleased: June 16th, 2025
Detect Changes To Connect Sync Application
AuditLogs
Author: Robbe Van den DaeleReleased: June 16th, 2025
TA4557 Drops More Eggs
DeviceEvents
Author: Steven LimReleased: June 16th, 2025
CVE 2025 33073 Detection
DeviceInfoDnsEvents
Author: Steven LimReleased: June 16th, 2025
Entra ID PIM Role Activations
AuditLogs
Author: Alex VerboonReleased: June 15th, 2025
MDE Defenderpassivemode
DeviceTvmInfoGathering
Author: Alex VerboonReleased: June 15th, 2025
Entra ID Disabled Userswith Priv Roles
IdentityInfo
Author: Alex VerboonReleased: June 15th, 2025
Entra ID Enterprise Apps Deleted
AuditLogs
Author: Alex VerboonReleased: June 15th, 2025
MDE Windows Server Client Missing Updates Summary
DeviceTvmSoftwareVulnerabilitiesDeviceInfo
Author: Alex VerboonReleased: June 15th, 2025
Discord Invite Hijacking Detection
DeviceNetworkEvents
Author: Steven LimReleased: June 15th, 2025
MDE Office365version History
DeviceTvmSoftwareInventory
Author: Alex VerboonReleased: June 14th, 2025
Suspicious O Auth Applications Used To Retrieve And Send Emails
OAuthAppInfo
Author: Steven LimReleased: June 14th, 2025
Potential Commands Executed By A Power Shellexe Renamed
DeviceProcessEvents
Author: Sergio AlbeaReleased: June 12nd, 2025
Hunt MSOL Azure AD Connect Or Entra Sync Servers
DeviceTvmSoftwareInventory
Author: Robbe Van den DaeleReleased: June 12nd, 2025
APT Stealth Falcon CVE 2025 33053 Detection
DeviceFileEventsDeviceProcessEvents
Author: Steven LimReleased: June 11st, 2025
Conditional Access Baseline Gap Detected Due Policy Change
AuditLogsMaester_CL
Author: Thomas NaunheimReleased: June 11st, 2025
Auth Methods Token Bounded Cae
SigninLogsAADNonInteractiveUserSignInLogs
Author: Thomas NaunheimReleased: June 11st, 2025
Audit User Tries To Change Password To A Non Complying Password
AuditLogs
Author: Jay KeraiReleased: June 10th, 2025
Disabled Account Attack Disruption
CloudAppEvents
Author: Bert-Jan PalsReleased: June 8th, 2025
ANYRUN Obfuscated BAT Dropper Delivers Net Support RAT Post
DeviceProcessEventsDeviceRegistryEvents
Author: Steven LimReleased: June 6th, 2025
2 Sensitive Labels In Azure Resources
securityresources
Author: Thomas NaunheimReleased: June 4th, 2025
2 Adv Correlation Between Alert And Attack Path
SecurityAlert
Author: Thomas NaunheimReleased: June 4th, 2025
3 EPM Insights
securityresources
Author: Thomas NaunheimReleased: June 4th, 2025
2 Custom Graph Query On Recommendations And Target
ExposureGraphEdgesExposureGraphNodes
Author: Thomas NaunheimReleased: June 4th, 2025
1 Correlation Between Alert And Attack Path
securityresourcesSecurityAlert
Author: Thomas NaunheimReleased: June 4th, 2025
1 List Of Critical Azure Resources In XSPM
ExposureGraphNodesAlertEvidence
Author: Thomas NaunheimReleased: June 4th, 2025
1 Overview Of Attack Paths
securityresources
Author: Thomas NaunheimReleased: June 4th, 2025
3 Correlation Between CSPM And Identity Info
securityresourcesIdentityInfoauthorizationresources
Author: Thomas NaunheimReleased: June 4th, 2025
3 Finding Sensitive Roles With CSPM Posture And Used By O Auth
WorkloadIdentityInfoXdr
Author: Thomas NaunheimReleased: June 4th, 2025
Quarantined Messages
MessagePostDeliveryEventsMessageEventsMessageUrlInfo
Author: Jose Sebastián CanósReleased: June 4th, 2025
Quarantined Emails
EmailPostDeliveryEventsEmailEvents
Author: Jose Sebastián CanósReleased: June 4th, 2025
Ottercookie Detection
DeviceFileEventsDeviceNetworkEvents
Author: Steven LimReleased: June 4th, 2025
NTL Mv2 Hash Leak Via COM Detection
DeviceLogonEventsDeviceNetworkEvents
Author: Steven LimReleased: May 31th, 2025
O Auth App Using The OD File Picker Permission
OAuthAppInfo
Author: Steven LimReleased: May 31th, 2025
One Click ANY RUN Storm 1747 KQL Scan
WeeklyOSINTEmailAttachmentInfoEmailUrlInfoDeviceFileEventsDeviceNetworkEvents
Author: Steven LimReleased: May 29th, 2025
Hunting Dragon Force With ANYRUN Threat Intelligence
WeeklyOSINTEmailAttachmentInfoDeviceFileEvents
Author: Steven LimReleased: May 29th, 2025
IO Cs Associated With Apt41s Malware Delivery Via Google Calendar
EmailEventsUrlClickEventsEmailAttachmentInfo
Author: Sergio AlbeaReleased: May 28th, 2025
App Sheetcom Abused To Send Phish
EmailEvents
Author: Steven LimReleased: May 28th, 2025
Detect Suspicious Actions To Change Desktop Background
DeviceProcessEvents
Author: Sergio AlbeaReleased: May 28th, 2025
Detect Suspicious Files Dropped Into Public Folder
DeviceEvents
Author: Sergio AlbeaReleased: May 28th, 2025
Modify Credentials Entra Connect App Identity
OAuthAppInfoAuditLogs
Author: Thomas NaunheimReleased: May 28th, 2025
Ca Mfa Exclude Rule Xdr
AADSCA_CAP_CLAADSignInEventsBeta
Author: Thomas NaunheimReleased: May 27th, 2025
Entra ID PIM Role Setting Changes
AuditLogs
Author: Alex VerboonReleased: May 24th, 2025
Defendnot Detection
DeviceTvmInfoGatheringDeviceRegistryEvents
Author: Steven LimReleased: May 23th, 2025
Blob URI Unique Domain Count
DeviceFileEvents
Author: Steven LimReleased: May 22th, 2025
CVE 2025 32705 Out Of Bounds Read Detection
EmailAttachmentInfoEmailEventsDeviceTvmSoftwareVulnerabilitiesDeviceFileEventsDeviceEvents
Author: Steven LimReleased: May 22th, 2025