KQL Search
Device Query
Detecting Twill Typhoon VS Code Exploit
Author:
Steven Lim
Released:
9/16/2024
Detecting Windows Downdate Abuse
Author:
Steven Lim
Released:
9/14/2024
Identify Suspicious Certificates In Endpoints With Zero Keysize And No Signature Algorithm
Author:
Michalis Michalos
Released:
9/13/2024
Interactive Web Login
Author:
Rod Trent
Released:
9/13/2024
Detect External Sources Scanning My Exposed Devices
Author:
Sergio Albea
Released:
9/13/2024
MDE TVM Exposure Level
Author:
Alex Verboon
Released:
9/12/2024
Office365 Customer Lockbox
Author:
Alex Verboon
Released:
9/12/2024
Office365 Recycled Restored
Author:
Alex Verboon
Released:
9/12/2024
Microsoft September Updates
Author:
Sergio Albea
Released:
9/11/2024
Entra Roles Report
Author:
Bert-Jan Pals
Released:
9/9/2024
Devtunnelcodetunneling
Author:
Ali Hussein
Released:
9/9/2024
Devtunnel Registry
Author:
Ali Hussein
Released:
9/9/2024
Dev Tunnel File Events
Author:
Ali Hussein
Released:
9/9/2024
Dev Tunnelnetworkdetection
Author:
Ali Hussein
Released:
9/9/2024
Potential Threats Or Network Anomalies Related To ICMP Inbound Connections
Author:
Sergio Albea
Released:
9/9/2024
Check For Entra Legacy TLS Login
Author:
Steven Lim
Released:
9/8/2024
Check For Azure Outdated Security Protocols
Author:
Steven Lim
Released:
9/8/2024
Threat Hunting Azure Hound Usage
Author:
Steven Lim
Released:
9/7/2024
Detecting BYOVDLL Abuse
Author:
Steven Lim
Released:
9/6/2024
MDE TVM EDR Sensor Update
Author:
Alex Verboon
Released:
9/5/2024
M365 Copilot Plugins Inventory Analysis
Author:
Steven Lim
Released:
9/5/2024
Entra Group Membership Report
Author:
Bert-Jan Pals
Released:
9/4/2024
Unique Actions
Author:
Bert-Jan Pals
Released:
9/3/2024
Soc Ghoulish
Author:
Rod Trent
Released:
9/3/2024
Non Supported Agent Version Required For The Contain User Action By Attack Disruption
Author:
Sergio Albea
Released:
9/3/2024
Monitor Privilege User SSPR
Author:
Steven Lim
Released:
9/3/2024
Identifying Methods Used To Establish Secure Communication Over Insecure Channels
Author:
Sergio Albea
Released:
9/1/2024
Detecting EDR Killing Tool
Author:
Steven Lim
Released:
8/31/2024
Identify Endpoint Browser Extensions With Can Turnoff Malware Protections Permissions
Author:
Michalis Michalos
Released:
8/29/2024
Communication At Risk Due To The Encryption Algorithms Ciphers In Use
Author:
Sergio Albea
Released:
8/29/2024
Threat Hunting Microsoft Sway Quishing
Author:
Steven Lim
Released:
8/28/2024
Nltest Discovery
Author:
Bert-Jan Pals
Released:
8/27/2024
Threat Hunting BYOVD Scenarios
Author:
Steven Lim
Released:
8/27/2024
Getsystemelevation C Smetasploit
Author:
Ali Hussein
Released:
8/27/2024
Role Report
Author:
Bert-Jan Pals
Released:
8/26/2024
Threat Hunting With MDE Device Discovery And Seen By Enrichment Function
Author:
Steven Lim
Released:
8/26/2024
Adfind Detection
Author:
Ali Hussein
Released:
8/26/2024
Group Membership Report
Author:
Bert-Jan Pals
Released:
8/25/2024
Peaklightinfection
Author:
Ali Hussein
Released:
8/25/2024
Enriching CVE Tables With CVE Mitre Data
Author:
Sergio Albea
Released:
8/25/2024
H
Author:
Steven Lim
Released:
8/25/2024
How Many Crowdstrike Clients Running On Microsoft Azure Globally
Author:
Steven Lim
Released:
8/25/2024
Use Exposure Management To Identify Local Ntlm Hashes From Sensitive Users
Author:
Michalis Michalos
Released:
8/23/2024
Use Exposure Management To Chart User Groups With Local Admin Privileges
Author:
Michalis Michalos
Released:
8/23/2024
CVE 2024 7971 Patch Prioritization
Author:
Steven Lim
Released:
8/22/2024
Email Bad Reputation ASN Activities
Author:
Sergio Albea
Released:
8/22/2024
Infrastructure Vulnerability Exposure To Volt Typhoon
Author:
Steven Lim
Released:
8/22/2024
Entra ID Administrative Role AD Sync
Author:
Steven Lim
Released:
8/21/2024
MDE Remote Image Loads
Author:
Bert-Jan Pals
Released:
8/20/2024
One Drive Sync From Rare IP
Author:
Bert-Jan Pals
Released:
8/20/2024