Visualizing FortiGate CVE 2022 40684 Belsen Group Leaked Affected IPs

RawFortiGateIPs
Author: Michalis Michalos
Released: January 17th, 2025

KQL Wiz PDF NTLM Leak Detector

DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim
Released: January 16th, 2025

Ivanti Vulnerabilities CVE 2025 0282 And CVE 2025 0283

DeviceTvmSoftwareInventory
Author: Sergio Albea
Released: January 15th, 2025

Detecting Base64 Code In Commands

DeviceFileEvents
Author: Sergio Albea
Released: January 15th, 2025

Hunting Fasthttp Bruteforce Campaign

AADSignInEventsBeta
Author: Steven Lim
Released: January 15th, 2025

Detecting Lumma Stealer Commands

DeviceFileEvents
Author: Sergio Albea
Released: January 14th, 2025

DeviceFileEvents
Author: Sergio Albea
Released: January 14th, 2025

Hunt For High Volume Phish ISP

CloudAppEvents, EmailEvents
Author: Steven Lim
Released: January 14th, 2025

MDO Email Threat Classification By ISP

CloudAppEvents, EmailEvents
Author: Steven Lim
Released: January 12th, 2025

MDO Email Threat Classification By Country

EmailEvents
Author: Steven Lim
Released: January 11th, 2025

Hunting Non Euclid RAT

DeviceFileEvents, DeviceEvents
Author: Steven Lim
Released: January 10th, 2025

Hunting Aqua Blizzards

DeviceNetworkEvents
Author: Steven Lim
Released: January 10th, 2025

Azure P2S Point To Site Connection Success Username And IP Parser

AzureDiagnostics, AADNonInteractiveUserSignInLogs
Author: Jay Kerai
Released: January 9th, 2025

CVES Cases

DeviceTvmSoftwareInventory
Author: Sergio Albea
Released: January 9th, 2025

Signin Logs Potential Compliant Device Bypass Attempt

SigninLogs
Author: Jose Sebastián Canós
Released: January 8th, 2025

CVE 2024 43452 PoC Detection

DeviceTvmSoftwareVulnerabilities, DeviceFileEvents, DeviceFileCertificateInfo, DeviceEvents, DeviceNetworkEvents
Author: Steven Lim
Released: January 7th, 2025

CVE 2024 49113 LDAP Nightmare

DeviceNetworkEvents
Author: Bert-Jan Pals
Released: January 6th, 2025

Resource Lock Deletion For Azure Monitor Rule

AzureActivity
Author: Jay Kerai
Released: January 4th, 2025

Machine Onboarded

AzureActivity
Author: Bert-Jan Pals
Released: January 4th, 2025

LDAP Nightmare POC Detection

DnsEvents
Author: Steven Lim
Released: January 3rd, 2025

Log Analytic Workspace Deletions

AzureActivity
Author: Jay Kerai
Released: January 2nd, 2025

Sentinel Incident Deletions

AzureActivity
Author: Jay Kerai
Released: January 2nd, 2025

Azure Monitor Rule Disabled

AzureActivity
Author: Jay Kerai
Released: January 1st, 2025

Bring Your Own Minifilter EDR Bypass

DeviceProcessEvents, DeviceRegistryEvents
Author: Jay Kerai
Released: December 31st, 2024

Living Off The Tunnels IOCS

DeviceNetworkEvents
Author: Jay Kerai
Released: December 30th, 2024

Security Event AD Unusual Operation

SecurityEvent
Author: Jose Sebastián Canós
Released: December 30th, 2024

Hunting Malicious Chrome Extension

DeviceFileEvents
Author: Steven Lim
Released: December 30th, 2024

Custom Detection Disabled

CloudAppEvents
Author: Bert-Jan Pals
Released: December 28th, 2024

CVE 2024 3393 DDOS Detection

CommonSecurityLog
Author: Steven Lim
Released: December 27th, 2024

Malicious Senders Hidden Behind Anonymous Proxies

CloudAppEvents
Author: Sergio Albea
Released: December 26th, 2024

Rating ISPs To Detect Potential Malicious Domains Sending Threats

EmailEvents
Author: Sergio Albea
Released: December 26th, 2024

Detection Of OOF Message Delivered Externally

EmailEvents
Author: Sergio Albea
Released: December 26th, 2024

Detect Spoofed Email Cases

EmailEvents, IdentityInfo
Author: Sergio Albea
Released: December 26th, 2024

September Updates

DeviceTvmSoftwareVulnerabilities, DeviceTvmSoftwareVulnerabilitiesKB
Author: Sergio Albea
Released: December 26th, 2024

Anonymized Microsoft Graph Activity Logs

MicrosoftGraphActivityLogs
Author: Bert-Jan Pals
Released: December 23rd, 2024

Monitor Exclusion Into Conditional Access Policies

AADSignInEventsBeta
Author: Sergio Albea
Released: December 23rd, 2024

TI Feed Tor Connections

DeviceNetworkEvents
Author: Bert-Jan Pals
Released: December 21st, 2024

Advanced Vishing KQL Detection

TeamsCallLog
Author: Steven Lim
Released: December 19th, 2024

URLhaus Abuse.ch Hits In Microsoft Teams

CloudAppEvents
Author: Sergio Albea
Released: December 18th, 2024

PowerShell Self Pwn

IdentityInfo, DeviceEvents, DeviceProcessEvents
Author: Steven Lim
Released: December 17th, 2024

Ransomware Tool Matrix Defender Lookup

DeviceProcessEvents
Author: Jay Kerai
Released: December 16th, 2024

Hunting For Registry Artifacts Of Service Creation

DeviceRegistryEvents
Author: Sergio Albea
Released: December 13th, 2024

Hunting For Process Command Line Artifacts Of Service Creation

DeviceProcessEvents
Author: Sergio Albea
Released: December 13th, 2024

Old BIOS Versions

BiosInfo
Author: Ugur Koc
Released: December 13th, 2024

Find Processes With Unusually High Thread Or Handle Counts

Process
Author: Ugur Koc
Released: December 13th, 2024

Flag Processes With Disproportionately Large Virtual Memory Usage

Process
Author: Ugur Koc
Released: December 13th, 2024

Identify Top Disk IO Processes

Process
Author: Ugur Koc
Released: December 13th, 2024

Identify Programs Set To Auto Run At Startup

WindowsRegistry
Author: Ugur Koc
Released: December 13th, 2024

Check If TPM 2.0 Is Available

Tpm
Author: Ugur Koc
Released: December 13th, 2024

Microsoft Graph Activity Logs Missing Logs

MicrosoftGraphActivityLogs
Author: Jose Sebastián Canós
Released: December 12th, 2024