Weaponized Files Extracting DLL Files After Execution

DeviceFileEvents, DeviceEvents
Author: Sergio Albea | Released: April 23rd, 2025

Suspicious RUNMRU Entry

DeviceRegistryEvents
Author: Bert-Jan Pals | Released: April 23rd, 2025

Audit Logs Cross-Tenant Settings Modified

AuditLogs
Author: Jose Sebastián Canós | Released: April 23rd, 2025

AAD Service Principal Sign-In Logs Suspicious Multiple Service Principal Authentication From IP Address

AADServicePrincipalSignInLogs
Author: Jose Sebastián Canós | Released: April 23rd, 2025

Tracking Proton66 Activity With KQL

DeviceNetworkEvents
Author: Steven Lim | Released: April 21st, 2025

Detection Response By Tracing File Lineage

DeviceFileEvents, DeviceEvents
Author: Sergio Albea | Released: April 21st, 2025

Mitigating Security Risks In MCP Implementations

DeviceNetworkEvents
Author: Steven Lim | Released: April 20th, 2025

Hunting Chrome Extension With Hidden Tracking

SecureAnnex, DeviceFileEvents
Author: Steven Lim | Released: April 18th, 2025

CVE-2025-24054 NTLM Exploit In The Wild Detection

DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim | Released: April 16th, 2025

Device Network Events Uncommon Process Connection To Suspicious Domain

DeviceNetworkEvents
Author: Jose Sebastián Canós | Released: April 16th, 2025

Identity Directory Events Unexpected Service Creation

IdentityDirectoryEvents
Author: Jose Sebastián Canós | Released: April 16th, 2025

Modifications To Safe Links Allow Click Through Policy

OfficeActivity
Author: Jay Kerai | Released: April 16th, 2025

Brute Force Single IP Multiple Destinations Within 10 Minutes

DeviceLogonEvents
Author: Ali Hussein | Released: April 16th, 2025

Overprivileged Admin-Consented OAuth Applications

OAuthAppInfo
Author: Steven Lim | Released: April 15th, 2025

Azure Activity Snapshot Of Monitored Azure Resource

AzureActivity
Author: Jose Sebastián Canós | Released: April 15th, 2025

Most User Consent Application

OAuthAppInfo
Author: Bert-Jan Pals | Released: April 14th, 2025

External Application High Priv Permissions

OAuthAppInfo
Author: Bert-Jan Pals | Released: April 14th, 2025

Unused High Priv Permissions

OAuthAppInfo
Author: Bert-Jan Pals | Released: April 14th, 2025

Application Mail Permission

OAuthAppInfo
Author: Bert-Jan Pals | Released: April 14th, 2025

MDA OAuth App Disabled

AuditLogs
Author: Jay Kerai | Released: April 12th, 2025

Ingestion Size Security Events

SecurityEvent
Author: Bert-Jan Pals | Released: April 12th, 2025

Anti Sleep Domains MDE Device Network Events

DeviceNetworkEvents
Author: Jay Kerai | Released: April 11th, 2025

CVE-2025-29824 PipeMagic Detection

DeviceEvents
Author: Steven Lim | Released: April 11th, 2025

Last Password Change

IdentityDirectoryEvents
Author: Bert-Jan Pals | Released: April 9th, 2025

Check If Defender EASM IPs Or Hosts Are Mentioned In DDoSia Project Current Configuration

DDosiaIntelligenceEasmHostAsset_CL
Author: Michalis Michalos | Released: April 9th, 2025

BlackSuit Bublup Exfil

DeviceNetworkEvents
Author: Ali Hussein | Released: April 9th, 2025

Unsigned Executions From User Directories

DeviceProcessEvents
Author: Ali Hussein | Released: April 9th, 2025

Workload Identity Info XDR

IdentityInfo, OAuthAppInfo, ExposureGraphNodes, ExposureGraphEdges
Author: Thomas Naunheim | Released: April 9th, 2025

Entra ID OAuth App Info

OAuthAppInfo
Author: Alex Verboon | Released: April 7th, 2025

Run Hunting Query Statistics

MicrosoftGraphActivityLogs
Author: Bert-Jan Pals | Released: April 7th, 2025

Review Required Outbound Connections To Work With Defender For Cloud Apps

DeviceNetworkEvents
Author: Sergio Albea | Released: April 7th, 2025

Run Hunting Query Execution

MicrosoftGraphActivityLogs
Author: Bert-Jan Pals | Released: April 6th, 2025

MDI Service Accounts

IdentityInfo
Author: Alex Verboon | Released: April 5th, 2025

MDE Portable Apps

DeviceFileEvents, DeviceProcessEvents
Author: Alex Verboon | Released: April 5th, 2025

MDO Blocked URLs

UrlClickEvents, EmailEvents, EmailUrlInfo
Author: Alex Verboon | Released: April 5th, 2025

MDO Non-RFC-Compliant Emails

EmailEvents
Author: Alex Verboon | Released: April 5th, 2025

Detecting Domains Whose Emails Will Be Routed To Junk Folders Due To New Outlook Requirements

EmailEvents
Author: Sergio Albea | Released: April 4th, 2025

Detect Suspicious FOCI Token Logins

AADNonInteractiveUserSignInLogs
Author: Robbe Van den Daele | Released: March 27th, 2025

Identify Hotspot Connections Shared Via iPhone

DeviceNetworkInfo
Author: Sergio Albea | Released: March 26th, 2025

Hunting IngressNightmare (CVSS 9.8)

DeviceInfo, DeviceProcessEvents
Author: Steven Lim | Released: March 25th, 2025

Detect Active Exploitation Of Critical Apache Tomcat RCE Vulnerability

DeviceInfo, DeviceProcessEvents, DeviceNetworkEvents
Author: Steven Lim | Released: March 21st, 2025

Detecting Misconfigured EXO Transport Rules

EmailEvents
Author: Steven Lim | Released: March 21st, 2025

ZDI-CAN-25373 Windows Shortcut Exploit Abuse Detection

DeviceEvents
Author: Steven Lim | Released: March 20th, 2025

Hunt Device Discovery Subnet Ranges

DeviceNetworkInfo
Author: Robbe Van den Daele | Released: March 19th, 2025

Device Network Events Uncommon Process Connection To CloudFront Domain

DeviceNetworkEvents
Author: Jose Sebastián Canós | Released: March 18th, 2025

7Z To SMB Share

DeviceProcessEvents
Author: Ali Hussein | Released: March 18th, 2025

Matching URL Redirectors From UrlClickEvents Table With OpenPhish External Threat Intel Source

UrlClickEvents
Author: Michalis Michalos | Released: March 18th, 2025

Matching IP Redirectors From UrlClickEvents Table With URLhaus External Threat Intel Source

UrlClickEvents
Author: Michalis Michalos | Released: March 18th, 2025

Unfolding Redirectors Using UrlClickEvents Table

UrlClickEvents
Author: Michalis Michalos | Released: March 18th, 2025

Privileged Unified Identity Info

IdentityInfo, WorkloadIdentityInfo
Author: Thomas Naunheim | Released: March 17th, 2025