Tagged: Microsoft Sentinel
You know the drill. A major alert lands, and within minutes, your screen is drowning in browser tabs, multiple consoles, stale queries that return nothing useful, and half-written notes scattered across random text files named something like “incident-final-09.txt.” That kind …
PowerShell is a critical tool in any security team and IT admin’s arsenal, offering powerful scripting capabilities for automating tasks across both on-premises and cloud environments. However, its flexibility makes it an attractive target for attackers seeking to run malicious …
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you’re diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
Note: This repository is under development. …
Azure DevOps provides a comprehensive suite of tools for developers to manage the software development lifecycle and incorporate security practices into their development processes.
Azure DevOps Auditing is a centralized log management and analysis tool for administrators and security teams …
No One Is Immune. AnyDesk was breached, and the problem isn’t the breach itself. It’s the issue with using a remote desktop solution with malicious potential in a sensitive environment. Many investigations I did in the past involved AnyDesk as …
One of the key features of Microsoft Sentinel is the ability to ingest data from different sources, such as Azure services, Microsoft 365, third-party solutions, and custom connectors. Logs and Tables can store, query, and visualize this data in the …
This post is updated constantly with queries from the field about the Microsoft 365 Defender and other security controls (ITDR, CASB, EDR, CSPM, CNAPP, etc.). Some of the queries are standard, and others are more advanced. Additionally, I’m breaking down …
What’s going on inside the box? Is service principal monitoring essential? Judging by the SolarWinds incident, this monitoring is necessary. This post will guide you through monitoring service principals with Microsoft Sentinel.
There are a few ways to …