KQL Search

Click Fix Social Engineering Attack Detection

Author: Steven LimReleased: 11/20/2024

Detecting Brazen Bamboos Forti Client Exploit A KQL Approach

Author: Steven LimReleased: 11/19/2024

Azure Dev Ops Third Party Application Access Via O Auth

Author: Alex VerboonReleased: 11/18/2024

Azure Dev Ops Log Audit Events

Author: Alex VerboonReleased: 11/18/2024

Azure Dev Ops Enable IP Conditional Access Policy Validation

Author: Alex VerboonReleased: 11/18/2024

Azure Dev Ops External Guest Access

Author: Alex VerboonReleased: 11/18/2024

Azure Dev Ops Allow Public Projects

Author: Alex VerboonReleased: 11/18/2024

Azure Dev Ops Additional Protection When Using Public Package Registries

Author: Alex VerboonReleased: 11/18/2024

Azure Dev Ops SSH Authentication

Author: Alex VerboonReleased: 11/18/2024

CVE 2024 0012 PAN OS Authentication Bypass In The Management Web Interface

Author: Steven LimReleased: 11/18/2024

Brands Impersonation Phishing Trend

Author: Steven LimReleased: 11/18/2024

Innovative Detection Techniques Against ZIP Concatenation Attacks

Author: Steven LimReleased: 11/17/2024

Missing Dlp Rule Match Entities In Cloud App Events

Author: Jose Sebastián CanósReleased: 11/15/2024

Monitor Privileged Role Assignments

Author: Gianni CastaldiReleased: 11/15/2024

Monitor Break The Glass Groups

Author: Gianni CastaldiReleased: 11/15/2024

CVE 2024 49039 Windows Task Scheduler Elevation Of Privilege Vulnerability

Author: Steven LimReleased: 11/15/2024

Security Event Unusual Authentication Failure Status

Author: Jose Sebastián CanósReleased: 11/14/2024

Dns Events Possible DNS Recon Query

Author: Jose Sebastián CanósReleased: 11/14/2024

Big Yellow Taxi Sign In

Author: Bert-Jan PalsReleased: 11/13/2024

Weird DNS Queries

Author: Jose Sebastián CanósReleased: 11/13/2024

Monitoring Cross Tenant Abuse By Threat Actors

Author: Steven LimReleased: 11/13/2024

CVE 2024 43451 Zero Day NTLM Hash Disclosure Spoofing Vulnerability

Author: Steven LimReleased: 11/13/2024

Detecting FIDO2 Passkey Abuse

Author: Steven LimReleased: 11/12/2024

Phishing By Design Two Step Attacks Using Vsdx Files

Author: Steven LimReleased: 11/12/2024

Dns Events Unusual DNS Query Type Of Internal Domain

Author: Jose Sebastián CanósReleased: 11/11/2024

Server Domain Firewall Profile Check

Author: Philip MarshReleased: 11/10/2024

Enabled Account Password Spray Detection

Author: @H1dd3n00bReleased: 11/10/2024

Linux Privileged Command Detection

Author: Vighnesh SivanesanReleased: 11/10/2024

MDA Custom Warn Indicators Report

Author: Jay KeraiReleased: 11/10/2024

Chinese APT VS Code Exploitation Detection

Author: @KevinDrgzReleased: 11/10/2024

Windows Security Log Enumeration Detection

Author: Andre ZeemeringReleased: 11/10/2024

Known Bad Hash Process Detection

Author: Nick D.Released: 11/10/2024

Malware Bazaar Certificate Blocklist Detection

Author: Jay KeraiReleased: 11/10/2024

Shadow Credentials Attack Detection

Author: User SubmissionReleased: 11/10/2024

Trusted Installer Abuse Detection

Author: Jay KeraiReleased: 11/10/2024

ZAP Email Click Detection

Author: Viktor UtterReleased: 11/10/2024

Sent Items Deletion Detection

Author: Muzammil MahmoodReleased: 11/10/2024

Device ATP Tampering Detection

Author: Jay KeraiReleased: 11/10/2024

APT29 Team Viewer Activity Detection

Author: Arnold ChanReleased: 11/10/2024

Power Shell Defensive Evasion Detection

Author: Jay KeraiReleased: 11/10/2024

Purview Audit Search Monitoring

Author: PuravReleased: 11/10/2024

Defender Script Scanning Disable Detection

Author: Emre AyReleased: 11/10/2024

Daily Data Usage And User Analysis

Author: Muzammil MahmoodReleased: 11/10/2024

FOCI Client ID Detection

Author: Jay KeraiReleased: 11/10/2024

Default Local Admin Logon Detection

Author: Loris AmbrozzoReleased: 11/10/2024

AD Provisioning Attribute Modification Report

Author: Suryendu BhattacharyyaReleased: 11/10/2024

Malicious ISP Detection

Author: Sergio AlbeaReleased: 11/10/2024

External Device Logon Detection

Author: Bonk82Released: 11/10/2024

Hanada Group Crowdstrike Impersonation Detection

Author: Jay KeraiReleased: 11/10/2024

New Entra ID Audit Operations Detection

Author: Abiodun AdegbolaReleased: 11/10/2024

KQL Search

Our Sponsors ❤️

Click Fix Social Engineering Attack Detection

Detecting Brazen Bamboos Forti Client Exploit A KQL Approach

Azure Dev Ops Third Party Application Access Via O Auth

Azure Dev Ops Log Audit Events

Azure Dev Ops Enable IP Conditional Access Policy Validation

Azure Dev Ops External Guest Access

Azure Dev Ops Allow Public Projects

Azure Dev Ops Additional Protection When Using Public Package Registries

Azure Dev Ops SSH Authentication

CVE 2024 0012 PAN OS Authentication Bypass In The Management Web Interface

Brands Impersonation Phishing Trend

Innovative Detection Techniques Against ZIP Concatenation Attacks

Missing Dlp Rule Match Entities In Cloud App Events

Monitor Privileged Role Assignments

Monitor Break The Glass Groups

CVE 2024 49039 Windows Task Scheduler Elevation Of Privilege Vulnerability

Security Event Unusual Authentication Failure Status

Dns Events Possible DNS Recon Query

Big Yellow Taxi Sign In

Weird DNS Queries

Monitoring Cross Tenant Abuse By Threat Actors

CVE 2024 43451 Zero Day NTLM Hash Disclosure Spoofing Vulnerability

Detecting FIDO2 Passkey Abuse

Phishing By Design Two Step Attacks Using Vsdx Files

Dns Events Unusual DNS Query Type Of Internal Domain

Server Domain Firewall Profile Check

Enabled Account Password Spray Detection

Linux Privileged Command Detection

MDA Custom Warn Indicators Report

Chinese APT VS Code Exploitation Detection

Windows Security Log Enumeration Detection

Known Bad Hash Process Detection

Malware Bazaar Certificate Blocklist Detection

Shadow Credentials Attack Detection

Trusted Installer Abuse Detection

ZAP Email Click Detection

Sent Items Deletion Detection

Device ATP Tampering Detection

APT29 Team Viewer Activity Detection

Power Shell Defensive Evasion Detection

Purview Audit Search Monitoring

Defender Script Scanning Disable Detection

Daily Data Usage And User Analysis

FOCI Client ID Detection

Default Local Admin Logon Detection

AD Provisioning Attribute Modification Report

Malicious ISP Detection

External Device Logon Detection

Hanada Group Crowdstrike Impersonation Detection

New Entra ID Audit Operations Detection