Our Sponsors ❤️
Weaponized Files Extracting DLL Files After Execution
DeviceFileEventsDeviceEvents
Author: Sergio AlbeaReleased: April 23th, 2025
Suspicious RUNMRU Entry
DeviceRegistryEvents
Author: Bert-Jan PalsReleased: April 23th, 2025
Audit Logs Cross Tenant Settings Modified
AuditLogs
Author: Jose Sebastián CanósReleased: April 23th, 2025
AAD Service Principal Sign In Logs Suspicious Multiple Service Principal Authentication From IP Address
AADServicePrincipalSignInLogs
Author: Jose Sebastián CanósReleased: April 23th, 2025
Tracking Proton66 Activity With KQL
DeviceNetworkEvents
Author: Steven LimReleased: April 21th, 2025
Detection Response By Tracing File Lineage
DeviceFileEventsDeviceEvents
Author: Sergio AlbeaReleased: April 21th, 2025
Mitigating Security Risks In MCP Implementations
DeviceNetworkEvents
Author: Steven LimReleased: April 20th, 2025
Hunting Chrome Extension With Hidden Tracking
SecureAnnexDeviceFileEvents
Author: Steven LimReleased: April 18th, 2025
CVE 2025 24054 NTLM Exploit In The Wild Detection
DeviceFileEventsDeviceNetworkEvents
Author: Steven LimReleased: April 16th, 2025
Device Network Events Uncommon Process Connection To Suspicious Domain
DeviceNetworkEvents
Author: Jose Sebastián CanósReleased: April 16th, 2025
Identity Directory Events Unexpected Service Creation
IdentityDirectoryEvents
Author: Jose Sebastián CanósReleased: April 16th, 2025
Modifications To Safe Links Allow Click Through Policy
OfficeActivity
Author: Jay KeraiReleased: April 16th, 2025
Burte Force Single I Pmultipledestinationswithin10minutes
DeviceLogonEvents
Author: Ali HusseinReleased: April 16th, 2025
Overprivileged Admin Consented O Auth Applications
OAuthAppInfo
Author: Steven LimReleased: April 15th, 2025
Azure Activity Snapshot Of Monitored Azure Resource
AzureActivity
Author: Jose Sebastián CanósReleased: April 15th, 2025
Most User Consent Application
OAuthAppInfo
Author: Bert-Jan PalsReleased: April 14th, 2025
External Application High Priv Permissions
OAuthAppInfo
Author: Bert-Jan PalsReleased: April 14th, 2025
Unused High Priv Permissions
OAuthAppInfo
Author: Bert-Jan PalsReleased: April 14th, 2025
Application Mail Permission
OAuthAppInfo
Author: Bert-Jan PalsReleased: April 14th, 2025
MDA O Auth App Disabled
AuditLogs
Author: Jay KeraiReleased: April 12nd, 2025
Ingestion Size Security Events
SecurityEvent
Author: Bert-Jan PalsReleased: April 12nd, 2025
Anti Sleep Domains MDE Device Network Events
DeviceNetworkEvents
Author: Jay KeraiReleased: April 11st, 2025
CVE 2025 29824 Pipe Magic Detection
DeviceEvents
Author: Steven LimReleased: April 11st, 2025
Last Password Change
IdentityDirectoryEvents
Author: Bert-Jan PalsReleased: April 9th, 2025
Check If Defender Easm Ips Or Hosts Are Mentioned In Ddosia Project Current Configuration
DDosiaIntelligenceEasmHostAsset_CL
Author: Michalis MichalosReleased: April 9th, 2025
Black Suitbublupexfil
DeviceNetworkEvents
Author: Ali HusseinReleased: April 9th, 2025
Unsgined Executionsfromuserdirectories
DeviceProcessEvents
Author: Ali HusseinReleased: April 9th, 2025
Workload Identity Info Xdr
IdentityInfoOAuthAppInfoExposureGraphNodesExposureGraphEdges
Author: Thomas NaunheimReleased: April 9th, 2025
Entra ID Oauth App Info
OAuthAppInfo
Author: Alex VerboonReleased: April 7th, 2025
Run Hunting Query Statistics
MicrosoftGraphActivityLogs
Author: Bert-Jan PalsReleased: April 7th, 2025
Review Required Outbound Connections To Work Wit Defender For Cloud Apps
DeviceNetworkEvents
Author: Sergio AlbeaReleased: April 7th, 2025
Run Hunting Query Execution
MicrosoftGraphActivityLogs
Author: Bert-Jan PalsReleased: April 6th, 2025
MDI Service Accounts
IdentityInfo
Author: Alex VerboonReleased: April 5th, 2025
MDE Portable Apps
DeviceFileEventsDeviceProcessEvents
Author: Alex VerboonReleased: April 5th, 2025
MDO Blocked UR Ls
UrlClickEventsEmailEventsEmailUrlInfo
Author: Alex VerboonReleased: April 5th, 2025
MDO Non RFC Compliant Emails
EmailEvents
Author: Alex VerboonReleased: April 5th, 2025
Detecting Domains Where Their Emails Will Be Routed To Junk Folders Due To New Outlook Requirement
EmailEvents
Author: Sergio AlbeaReleased: April 4th, 2025
Detect Suspicious Foci Token Logins
AADNonInteractiveUserSignInLogs
Author: Robbe Van den DaeleReleased: March 27th, 2025
Identify Hot Spot Connections Shared Via I Phone
DeviceNetworkInfo
Author: Sergio AlbeaReleased: March 26th, 2025
Hunting Ingress Nightmare CVSS 98
DeviceInfoDeviceProcessEvents
Author: Steven LimReleased: March 25th, 2025
Detect Active Exploitation Of Critical Apache Tomcat RCE Vulnerability
DeviceInfoDeviceProcessEventsDeviceNetworkEvents
Author: Steven LimReleased: March 21th, 2025
Detecting Misconfigured EXO Transport Rules
EmailEvents
Author: Steven LimReleased: March 21th, 2025
ZDI CAN 25373 Windows Shortcut Exploit Abused Detection
DeviceEvents
Author: Steven LimReleased: March 20th, 2025
Hunt Device Discovery Subnet Ranges
DeviceNetworkInfo
Author: Robbe Van den DaeleReleased: March 19th, 2025
Device Network Events Uncommon Process Connection To Cloudfront Domain
DeviceNetworkEvents
Author: Jose Sebastián CanósReleased: March 18th, 2025
7Z To SM Bshare
DeviceProcessEvents
Author: Ali HusseinReleased: March 18th, 2025
Matching Url Redirectors From Urlclickevents Table With Openphish External Threat Intel Source
UrlClickEvents
Author: Michalis MichalosReleased: March 18th, 2025
Matching Ip Redirectors From Urlclickevents Table With Urlhaus External Threat Intel Source
UrlClickEvents
Author: Michalis MichalosReleased: March 18th, 2025
Unfolding Redirectors Using Urlclickevents Table
UrlClickEvents
Author: Michalis MichalosReleased: March 18th, 2025
Privileged Unified Identity Info
IdentityInfoWorkloadIdentityInfo
Author: Thomas NaunheimReleased: March 17th, 2025