Lili Lin (@lililin41874723) 's Twitter Profile
Lili Lin

@lililin41874723

Threat Researcher
Cyber Defensive
Machine Learning/Python/Java

ID: 1488809021817733121

02-02-2022 09:38:42

164 Tweet

6 Followers

89 Following

Lili Lin (@lililin41874723) 's Twitter Profile Photo

#Microsoft #Sentinel #AnalyticRules trigger FP: #TI map Domain entity to #CloudAppEvents

In the image1 (source #KQL), join null/empty values are matched as column "RequestURL" doesn't exist and TI_DomainEntity could be empty

In image2, I extract domain from URLs in Entities
Lili Lin (@lililin41874723) 's Twitter Profile Photo

How to use #Microsoft #Sentinel #AnalyticsRule or #Defender #CustomDetection using #KQL to detect "Typosquatting phishing email sender"

more details: github.com/GirlLily/KQL/b…
Lili Lin (@lililin41874723) 's Twitter Profile Photo

#Threatactors use #Adobe #Acrobat as a lure in #phishingcampaigns as it’s a trusted and widely used platform, making their attacks appear more legit. 
e.g.: the sender XXX via #Adobe #Acrobat <message@adobe.com>
Here is how I use #KQL to #detect such emails
Lili Lin (@lililin41874723) 's Twitter Profile Photo

My latest blog Malware-as-a-Smart-Contract-Part1 reveals how attackers are delivering #malware to target #Windows users through fake #reCAPTCHA and #ClickFix overlays.

Two Seven One Three (@twosevenonet) 's Twitter Profile Photo

By using brute-force and injecting into all available programs on Windows 11, DefenderWrite will help you identify which programs are allowed to write into the Antivirus's operating folder. zerosalarium.com/2025/10/defend… #itsecurity #cybersecurity #redteam

Lili Lin (@lililin41874723) 's Twitter Profile Photo

Another fake “I’m not a robot” gate leading to a spoofed Microsoft login.
Same tricks, different day.

#phishing #infosec #Microsoft
Lili Lin (@lililin41874723) 's Twitter Profile Photo

#Phishingkits are evolving.

#Attackers now first ask for your email, then redirect to a fake Microsoft page with your email prefilled—showing the new “Get a code to sign in”.

It looks more legitimate, lowers suspicion, and helps them validate active targets before stealing.
Lili Lin (@lililin41874723) 's Twitter Profile Photo

Wild #phishing #scam! 🤯

#Fake Doc Access page -> Fake Adobe page → "Sign in with Microsoft" → Fake browser window pops up. (Look Legit?😀)

LOOK AT THE URL BAR! It's NOT a real browser! All fake UI streaming Microsoft's login to #steal your password.
Lili Lin (@lililin41874723) 's Twitter Profile Photo

Spent my Xmas building a #Microsoft #phishing detector that works early in the flow, catches modern #phishingkits, and avoids false positives on legit sites. Harder than it sounds — but really satisfying when it clicks. 🔐 #ThreatIntel #CyberSec #infosec