Our Sponsors ❤️
Detect Suspicious Foci Token Logins
AADNonInteractiveUserSignInLogs
Author: Robbe Van den DaeleReleased: March 27th, 2025
Identify Hot Spot Connections Shared Via I Phone
DeviceNetworkInfo
Author: Sergio AlbeaReleased: March 26th, 2025
Hunting Ingress Nightmare CVSS 98
DeviceInfoDeviceProcessEvents
Author: Steven LimReleased: March 25th, 2025
Detect Active Exploitation Of Critical Apache Tomcat RCE Vulnerability
DeviceInfoDeviceProcessEventsDeviceNetworkEvents
Author: Steven LimReleased: March 21th, 2025
Detecting Misconfigured EXO Transport Rules
EmailEvents
Author: Steven LimReleased: March 21th, 2025
ZDI CAN 25373 Windows Shortcut Exploit Abused Detection
DeviceEvents
Author: Steven LimReleased: March 20th, 2025
Hunt Device Discovery Subnet Ranges
DeviceNetworkInfo
Author: Robbe Van den DaeleReleased: March 19th, 2025
Device Network Events Uncommon Process Connection To Cloudfront Domain
DeviceNetworkEvents
Author: Jose Sebastián CanósReleased: March 18th, 2025
7Z To SM Bshare
DeviceProcessEvents
Author: Ali HusseinReleased: March 18th, 2025
Matching Url Redirectors From Urlclickevents Table With Openphish External Threat Intel Source
UrlClickEvents
Author: Michalis MichalosReleased: March 18th, 2025
Matching Ip Redirectors From Urlclickevents Table With Urlhaus External Threat Intel Source
UrlClickEvents
Author: Michalis MichalosReleased: March 18th, 2025
Unfolding Redirectors Using Urlclickevents Table
UrlClickEvents
Author: Michalis MichalosReleased: March 18th, 2025
Privileged Unified Identity Info
IdentityInfoWorkloadIdentityInfo
Author: Thomas NaunheimReleased: March 17th, 2025
Detecting Unauthorized RMM Instances In Your MDE Environment
DeviceNetworkEvents
Author: Steven LimReleased: March 16th, 2025
Website Redirectors Device Network Events
DeviceNetworkEvents
Author: Jay KeraiReleased: March 15th, 2025
Kerberos Roasting Detection
IdentityLogonEvents
Author: Steven LimReleased: March 14th, 2025
Parsing Sign In Logs Tables
SigninLogsAADNonInteractiveUserSignInLogsADFSSignInLogsAADServicePrincipalSignInLogsAADManagedIdentitySignInLogs
Author: Jose Sebastián CanósReleased: March 14th, 2025
Detect Malicious Answers By DNS Queries
DeviceNetworkEvents
Author: Sergio AlbeaReleased: March 14th, 2025
Detect Malicious URL Answers By DNS Queries
DeviceNetworkEvents
Author: Sergio AlbeaReleased: March 14th, 2025
Defender XDR Medusa Ransomware Detection
DeviceNetworkEvents
Author: Steven LimReleased: March 13rd, 2025
Suspicious Run MR Uentries
DeviceRegistryEvents
Author: Ali HusseinReleased: March 13rd, 2025
Cloudflared Argo Tunnel DNS
DeviceNetworkEvents
Author: Ali HusseinReleased: March 13rd, 2025
Node JS Suspicious Executions
DeviceProcessEvents
Author: Ali HusseinReleased: March 13rd, 2025
Detect Service Acc Login On New Device
IdentityInfoDeviceLogonEvents
Author: Robbe Van den DaeleReleased: March 12nd, 2025
Defender XDR Weekly OSINT Indicators Scan 10032025
EmailAttachmentInfoEmailUrlInfoDeviceFileEventsDeviceNetworkEvents
Author: Steven LimReleased: March 12nd, 2025
Defender XDR LDAP Enumeration Detection
IdentityQueryEvents
Author: Steven LimReleased: March 11st, 2025
End Of Life Software With File Paths Using TVM
DeviceTvmSoftwareInventoryDeviceTvmSoftwareEvidenceBeta
Author: Jay KeraiReleased: March 10th, 2025
Critical Vulnerability In Elastic Kibana
DeviceInfoDeviceProcessEvents
Author: Steven LimReleased: March 10th, 2025
Detect CVE 2025 27607 CVSS 88
DeviceProcessEvents
Author: Steven LimReleased: March 9th, 2025
Psexecsvcpy Detection
DeviceFileEventsDeviceEvents
Author: Steven LimReleased: March 9th, 2025
Audit Logs Entra ID User Created By Unexpected Actor
AuditLogs
Author: Jose Sebastián CanósReleased: March 7th, 2025
CVE 2025 22224 CVSS 93 CRITICAL Internet Facing V Mware Server Discovery
DeviceInfoDeviceProcessEvents
Author: Steven LimReleased: March 7th, 2025
Detecting Zero Day CVE 2025 21333 Privilege Escalation
DeviceProcessEventsDeviceTvmSoftwareVulnerabilitiesDeviceFileEventsDeviceEvents
Author: Steven LimReleased: March 6th, 2025
Hunt ADWS Requests From Unknown Device
DeviceNetworkInfoDeviceInfoDeviceNetworkEvents
Author: Robbe Van den DaeleReleased: March 6th, 2025
Hunting One On One Chats By Domains
CloudAppEvents
Author: Sergio AlbeaReleased: March 5th, 2025
Enriched Entra Sign In Logs Requested Token By Suspicious RT
SigninLogsAADNonInteractiveUserSignInLogsNetworkAccessTrafficAADSignInEventsBeta
Author: Thomas NaunheimReleased: March 5th, 2025
Enriched Entra Sign In Logs Gsa Enforcement By Ca Policy
SigninLogsAADNonInteractiveUserSignInLogsNetworkAccessTrafficAADSignInEventsBeta
Author: Thomas NaunheimReleased: March 5th, 2025
Enriched Entra Sign In Logs Suspicious Token Request
SigninLogsAADNonInteractiveUserSignInLogsNetworkAccessTraffic
Author: Thomas NaunheimReleased: March 5th, 2025
Exposed Tokens Overview Of Token Artifcats
ExposureGraphEdgesExposureGraphNodesAlertEvidence
Author: Thomas NaunheimReleased: March 5th, 2025
Enriched Entra Sign In Logs Token Protection Network Access
SigninLogsAADNonInteractiveUserSignInLogsNetworkAccessTraffic
Author: Thomas NaunheimReleased: March 5th, 2025
SLA Time To Respond
SecurityIncident
Author: Bert-Jan PalsReleased: March 3rd, 2025
Find Devices With Bit Locker Not Enabled
EncryptableVolume
Author: Ugur KocReleased: February 28th, 2025
System age And Update Status analysis
OsVersionWindowsQfe
Author: Ugur KocReleased: February 28th, 2025
Identify Devices With Outdated BIOS
BiosInfo
Author: Ugur KocReleased: February 28th, 2025
Find Devices With Multiple Physical Disks
DiskDrive
Author: Ugur KocReleased: February 28th, 2025
Identify CPU Architecture Distribution
Cpu
Author: Ugur KocReleased: February 28th, 2025
Identifying Domains Added Into Browser Security Zones Via CLI
DeviceEvents
Author: Sergio AlbeaReleased: February 27th, 2025
Exploring M365 Accounts Investigation
AuditLogsSigninLogsCloudAppEvents
Author: Steven LimReleased: February 27th, 2025
Kerberos Failures
SecurityEvent
Author: Daniel CardReleased: February 27th, 2025
Network Info Per Device
DeviceNetworkInfo
Author: Daniel CardReleased: February 27th, 2025