Our Sponsors ❤️
Identity Directory Events Unusual Power Shell Execution
IdentityDirectoryEvents
Author: Jose Sebastián CanósReleased: April 30th, 2025
Zscalar IP Sign In Check
SigninLogs
Author: Jay KeraiReleased: April 29th, 2025
Uncovering Fast Flux With Sentinel Threat Intelligence
ThreatIntelIndicatorsDeviceNetworkEvents
Author: Steven LimReleased: April 28th, 2025
Hunt Devices Doing Rdp To Non Tpm Device
ExposureGraphNodesDeviceNetworkInfoDeviceNetworkEvents
Author: Robbe Van den DaeleReleased: April 26th, 2025
Detect Suspicious Ncrypt Usage With Suspicious Rdp Session
ExposureGraphNodesDeviceNetworkInfoDeviceNetworkEventsDeviceEvents
Author: Robbe Van den DaeleReleased: April 26th, 2025
Detect Suspicious Ncrypt Usage With Suspicious Admin Rdp Session
IdentityInfoExposureGraphEdgesExposureGraphNodesDeviceNetworkInfoDeviceNetworkEventsDeviceEvents
Author: Robbe Van den DaeleReleased: April 26th, 2025
Detect Multiple Whfb Prt Tokens Used Simultaneously For One Device
SigninLogs
Author: Robbe Van den DaeleReleased: April 26th, 2025
Hunt Devices Doing First Rdp Session
DeviceNetworkEvents
Author: Robbe Van den DaeleReleased: April 26th, 2025
Detect Suspicious Ncrypt Usage By Cli Tool Or Unknown Process
DeviceEvents
Author: Robbe Van den DaeleReleased: April 26th, 2025
Detect Suspicious Ncrypt Usage By Cli Tool Or Unknown Process With Nonce
DeviceNetworkEventsDeviceEvents
Author: Robbe Van den DaeleReleased: April 26th, 2025
Cookie Bite Detection
DeviceFileEventsDeviceProcessEvents
Author: Steven LimReleased: April 24th, 2025
Weaponized Files Extracting DLL Files After Execution
DeviceFileEventsDeviceEvents
Author: Sergio AlbeaReleased: April 23th, 2025
Suspicious RUNMRU Entry
DeviceRegistryEvents
Author: Bert-Jan PalsReleased: April 23th, 2025
Audit Logs Cross Tenant Settings Modified
AuditLogs
Author: Jose Sebastián CanósReleased: April 23th, 2025
AAD Service Principal Sign In Logs Suspicious Multiple Service Principal Authentication From IP Address
AADServicePrincipalSignInLogs
Author: Jose Sebastián CanósReleased: April 23th, 2025
Tracking Proton66 Activity With KQL
DeviceNetworkEvents
Author: Steven LimReleased: April 21th, 2025
Detection Response By Tracing File Lineage
DeviceFileEventsDeviceEvents
Author: Sergio AlbeaReleased: April 21th, 2025
Mitigating Security Risks In MCP Implementations
DeviceNetworkEvents
Author: Steven LimReleased: April 20th, 2025
Hunting Chrome Extension With Hidden Tracking
SecureAnnexDeviceFileEvents
Author: Steven LimReleased: April 18th, 2025
CVE 2025 24054 NTLM Exploit In The Wild Detection
DeviceFileEventsDeviceNetworkEvents
Author: Steven LimReleased: April 16th, 2025
Device Network Events Uncommon Process Connection To Suspicious Domain
DeviceNetworkEvents
Author: Jose Sebastián CanósReleased: April 16th, 2025
Identity Directory Events Unexpected Service Creation
IdentityDirectoryEvents
Author: Jose Sebastián CanósReleased: April 16th, 2025
Modifications To Safe Links Allow Click Through Policy
OfficeActivity
Author: Jay KeraiReleased: April 16th, 2025
Burte Force Single I Pmultipledestinationswithin10minutes
DeviceLogonEvents
Author: Ali HusseinReleased: April 16th, 2025
Overprivileged Admin Consented O Auth Applications
OAuthAppInfo
Author: Steven LimReleased: April 15th, 2025
Azure Activity Snapshot Of Monitored Azure Resource
AzureActivity
Author: Jose Sebastián CanósReleased: April 15th, 2025
Most User Consent Application
OAuthAppInfo
Author: Bert-Jan PalsReleased: April 14th, 2025
External Application High Priv Permissions
OAuthAppInfo
Author: Bert-Jan PalsReleased: April 14th, 2025
Application Mail Permission
OAuthAppInfo
Author: Bert-Jan PalsReleased: April 14th, 2025
Unused High Priv Permissions
OAuthAppInfo
Author: Bert-Jan PalsReleased: April 14th, 2025
MDA O Auth App Disabled
AuditLogs
Author: Jay KeraiReleased: April 12nd, 2025
Ingestion Size Security Events
SecurityEvent
Author: Bert-Jan PalsReleased: April 12nd, 2025
Anti Sleep Domains MDE Device Network Events
DeviceNetworkEvents
Author: Jay KeraiReleased: April 11st, 2025
CVE 2025 29824 Pipe Magic Detection
DeviceEvents
Author: Steven LimReleased: April 11st, 2025
Last Password Change
IdentityDirectoryEvents
Author: Bert-Jan PalsReleased: April 9th, 2025
Check If Defender Easm Ips Or Hosts Are Mentioned In Ddosia Project Current Configuration
DDosiaIntelligenceEasmHostAsset_CL
Author: Michalis MichalosReleased: April 9th, 2025
Black Suitbublupexfil
DeviceNetworkEvents
Author: Ali HusseinReleased: April 9th, 2025
Unsgined Executionsfromuserdirectories
DeviceProcessEvents
Author: Ali HusseinReleased: April 9th, 2025
Workload Identity Info Xdr
IdentityInfoOAuthAppInfoExposureGraphNodesExposureGraphEdges
Author: Thomas NaunheimReleased: April 9th, 2025
Entra ID Oauth App Info
OAuthAppInfo
Author: Alex VerboonReleased: April 7th, 2025
Run Hunting Query Statistics
MicrosoftGraphActivityLogs
Author: Bert-Jan PalsReleased: April 7th, 2025
Review Required Outbound Connections To Work Wit Defender For Cloud Apps
DeviceNetworkEvents
Author: Sergio AlbeaReleased: April 7th, 2025
Run Hunting Query Execution
MicrosoftGraphActivityLogs
Author: Bert-Jan PalsReleased: April 6th, 2025
MDI Service Accounts
IdentityInfo
Author: Alex VerboonReleased: April 5th, 2025
MDE Portable Apps
DeviceFileEventsDeviceProcessEvents
Author: Alex VerboonReleased: April 5th, 2025
MDO Blocked UR Ls
UrlClickEventsEmailEventsEmailUrlInfo
Author: Alex VerboonReleased: April 5th, 2025
MDO Non RFC Compliant Emails
EmailEvents
Author: Alex VerboonReleased: April 5th, 2025
Detecting Domains Where Their Emails Will Be Routed To Junk Folders Due To New Outlook Requirement
EmailEvents
Author: Sergio AlbeaReleased: April 4th, 2025
Detect Suspicious Foci Token Logins
AADNonInteractiveUserSignInLogs
Author: Robbe Van den DaeleReleased: March 27th, 2025
Identify Hot Spot Connections Shared Via I Phone
DeviceNetworkInfo
Author: Sergio AlbeaReleased: March 26th, 2025