NTLMv2 Hash Leak Via COM Detection

DeviceLogonEvents, DeviceNetworkEvents
Author: Steven Lim | Released: May 31st, 2025

OAuth App Using The OD File Picker Permission

OAuthAppInfo
Author: Steven Lim | Released: May 31st, 2025

One Click ANY RUN Storm 1747 KQL Scan

WeeklyOSINT, EmailAttachmentInfo, EmailUrlInfo, DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim | Released: May 29th, 2025

Hunting Dragon Force With ANYRUN Threat Intelligence

WeeklyOSINT, EmailAttachmentInfo, DeviceFileEvents
Author: Steven Lim | Released: May 29th, 2025

IOCs Associated With APT41's Malware Delivery Via Google Calendar

EmailEvents, UrlClickEvents, EmailAttachmentInfo
Author: Sergio Albea | Released: May 28th, 2025

AppSheet.com Abused To Send Phish

EmailEvents
Author: Steven Lim | Released: May 28th, 2025

Detect Suspicious Actions To Change Desktop Background

DeviceProcessEvents
Author: Sergio Albea | Released: May 28th, 2025

Detect Suspicious Files Dropped Into Public Folder

DeviceEvents
Author: Sergio Albea | Released: May 28th, 2025

Modify Credentials Entra Connect App Identity

OAuthAppInfo, AuditLogs
Author: Thomas Naunheim | Released: May 28th, 2025

Entra ID PIM Role Setting Changes

AuditLogs
Author: Alex Verboon | Released: May 24th, 2025

Defendnot Detection

DeviceTvmInfoGathering, DeviceRegistryEvents
Author: Steven Lim | Released: May 23rd, 2025

Blob URI Unique Domain Count

DeviceFileEvents
Author: Steven Lim | Released: May 22nd, 2025

CVE-2025-32705 Out Of Bounds Read Detection

EmailAttachmentInfo, EmailEvents, DeviceTvmSoftwareVulnerabilities, DeviceFileEvents, DeviceEvents
Author: Steven Lim | Released: May 22nd, 2025

CVSS 9.8 Rockwell Automation Impacted By High Severity Log4net Vulnerability

DeviceInfo
Author: Steven Lim | Released: May 22nd, 2025

Glibc Critical Vulnerability CVSS 9.8

DeviceFileEvents
Author: Steven Lim | Released: May 22nd, 2025

Defender XDR Weekly OSINT Indicators Scan 05052025

WeeklyOSINT, EmailAttachmentInfo, EmailUrlInfo, DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim | Released: May 22nd, 2025

Defender XDR Weekly OSINT Indicators Scan 19052025

WeeklyOSINT, EmailAttachmentInfo, EmailUrlInfo, DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim | Released: May 22nd, 2025

Defender XDR Weekly OSINT Indicators Scan 12052025

WeeklyOSINT, EmailAttachmentInfo, EmailUrlInfo, DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim | Released: May 22nd, 2025

Bad Successor Detection

SecurityEvent, DeviceRegistryEvents
Author: Steven Lim | Released: May 22nd, 2025

Malware C2 Comms Over Azure Blob Metadata

DeviceNetworkEvents
Author: Steven Lim | Released: May 21st, 2025

Global Admin Entra Cookie With Chrome Zero Day

ExposureGraphNodes, ExposureGraphEdges, DeviceProcessEvents
Author: Steven Lim | Released: May 20th, 2025

Sensitive Large File Uploads Using Cloud App Events

CloudAppEvents
Author: Jay Kerai | Released: May 20th, 2025

AD Group Policy

IdentityDirectoryEvents, DeviceEvents
Author: Alex Verboon | Released: May 19th, 2025

AD Account Password Not Required Changed

IdentityDirectoryEvents
Author: Alex Verboon | Released: May 19th, 2025

AD Computer Object OS Name Changed

IdentityDirectoryEvents
Author: Alex Verboon | Released: May 19th, 2025

AD User Device Object OU Moves

IdentityDirectoryEvents
Author: Alex Verboon | Released: May 19th, 2025

Devices With High Severity CVEs With Exploits Available

DeviceTvmSoftwareVulnerabilities, DeviceTvmSoftwareVulnerabilitiesKB
Author: Jay Kerai | Released: May 19th, 2025

Entra Falcon Detection

SigninLogs, AADNonInteractiveUserSignInLogs
Author: Steven Lim | Released: May 19th, 2025

Detecting Social Engineering Attacks In Teams With KQL

MessageUrlInfo, MessageEvents
Author: Steven Lim | Released: May 17th, 2025

Critical Identities With Zero Day Chrome Vulnerability

ExposureGraphNodes, ExposureGraphEdges, DeviceProcessEvents
Author: Steven Lim | Released: May 17th, 2025

CVE-2025-4664 Chrome Flaw With Public Exploit

DeviceProcessEvents
Author: Steven Lim | Released: May 16th, 2025

Identities Set To Password Never Expires With Blast Radius Value Or Tagged As Sensitive

IdentityInfo
Author: Michalis Michalos | Released: May 16th, 2025

Azure AI Security Finding Report

ExposureGraphEdges
Author: Steven Lim | Released: May 14th, 2025

ASN Generating High Number Of Connection Requests Based On Average

DeviceNetworkEvents
Author: Sergio Albea | Released: May 14th, 2025

User Information Collected Externally When A URL Is Clicked

UrlClickEvents, EmailEvents
Author: Sergio Albea | Released: May 14th, 2025

Audit User Marked As Compromised By Admin Or App

AuditLogs, SigninLogs, AADServicePrincipalSignInLogs, AADManagedIdentitySignInLogs
Author: Jay Kerai | Released: May 13th, 2025

Detecting M365 Copilot Shared Agent

CloudAppEvents
Author: Steven Lim | Released: May 12th, 2025

Internet Facing Devices Vulnerability Report

DeviceInfo, DeviceTvmSoftwareVulnerabilities
Author: Steven Lim | Released: May 12th, 2025

Security Event Kerberoasting Attack

SecurityEvent
Author: Jose Sebastián Canós | Released: May 12th, 2025

Modifications To Application Management Policy For Entra App Registrations

AuditLogs
Author: Jay Kerai | Released: May 11th, 2025

Blob URIs Creation Trend Analysis

DeviceFileEvents
Author: Steven Lim | Released: May 11th, 2025

Purview DLP Activity File Printed

CloudAppEvents
Author: Alex Verboon | Released: May 11th, 2025

Purview DLP Activity File Copied To Remote Desktop Session

CloudAppEvents, DeviceNetworkEvents
Author: Alex Verboon | Released: May 11th, 2025

Purview DLP Activity File Uploaded To Cloud

CloudAppEvents
Author: Alex Verboon | Released: May 11th, 2025

Purview DLP Activity File Copied To Clipboard

CloudAppEvents
Author: Alex Verboon | Released: May 11th, 2025

RMM Hunting With Sentinel TI

ThreatIntelIndicators
Author: Steven Lim | Released: May 10th, 2025

SAP NetWeaver Attack By Chinese Threat Actor Impact Assessment

DeviceInfo, DeviceProcessEvents, DeviceNetworkEvents
Author: Steven Lim | Released: May 10th, 2025

Entra Administrative Units

AuditLogs, CloudAppEvents
Author: Alex Verboon | Released: May 10th, 2025

CVE-2025-20188 CVSS 10 Out Of 10

DeviceInfo
Author: Steven Lim | Released: May 10th, 2025

Outlook New Requirements For High Volume Senders

EmailEvents
Author: Steven Lim | Released: May 8th, 2025