Tagged: Microsoft Sentinel
One of the key features of Microsoft Sentinel is its ability to ingest data from many sources, such as Azure services, Microsoft 365, third-party solutions, and custom connectors. Logs and tables can store, query, and...
This post is updated constantly with queries from the field about Microsoft 365 Defender. Some of the queries are standard, and others are advanced. Additionally, I'm breaking the queries down into building blocks and explanations.
What's going on inside the box? Is service principal monitoring essential? If the SolarWinds incident is anything to go by, it is. This post shows how to monitor service principals with Microsoft Sentinel. There...
Managing comprehensive security products and controls can be complicated, requiring a specific skill set and control over the security process. On top of managing that complexity, you need to track where the simulation activities, alerts, and results are...
How do you investigate an Active Directory environment? Are you also analyzing the metadata, or only the event log on each DC? If you investigate only the event logs, in some cases it's not...
Roses are red, violets are blue, and if you think your RDP is secure, I've got some ransomware for you. There has been a tremendous increase in cybercriminals attempting attacks by exploiting remote login credentials over the...
An attacker is like a lover: he teases until he finds the right moment to act on your network. The same is true of PowerShell attacks. The following post focuses on PowerShell obfuscation and...
Recently, there have been massive cyberattacks against cloud providers and on-premises environments, the most recent of which is HAFNIUM, the exploitation of vulnerabilities in Exchange servers. This post focuses on Microsoft Sentinel...