A classic pixel art tribute that I did back then. Putting it back up for sale: chroma-punk-shop.fourthwall.com/products/rando… #8bit #pixelart #daftpunk #retro

I've updated the Must Learn KQL Workshop page to include the new Workshop Series modules so you can mix and match to create your own KQL workshop. github.com/rod-trent/Must… #MustLearnKQL #KQL #KQLMysteries

A good example of suspected activity is here from: Alphabet Soup she wrote a cool blog: medium.com/@ItsNotNicole/… #Cyber #Security #Recruitment #Fraud #Baddies #Threats #Digital #Safety #Sanctions #Crime

In KQL, if you have a base table with many columns, you may want a simplifed view--just a subset of columns that are arranged in a certain order. At other times you need all the columns. Here is a nifty way to do this where you can get a preferred subset ("brief mode") or all

If you’ve ever reset a password, you’ve done IAM. That help desk ticket where you added someone to a security group? IAM. Setting up MFA for your team? IAM. Creating a new user account in Active Directory? IAM. You’re already doing Identity and Access Management work—you just

I've been working on a set of solutions around excluding emergency access accounts from CA policies to showcase when/why to use certain methods I just pushed the first option, Logic App using a sliding window, to my repo with a Deploy to Azure button :) github.com/nathanmcnulty/…

I keep seeing reports of attackers going after #ESX hosts – exporting VMs, cloning domain controllers, grabbing NTDIS files. Not really surprising. ESX often ends up being the quiet corner of the network where no one’s looking. Thing is: we’ve had some solid ways to deal with

Two years ago I published a two part series on #MSGraph logs and how to use them for threat hunting. Now comes part 3 and the logs are finally available to the masses. #EntraID #KQL #Security cloudbrothers.info/en/detect-thre…

We got a new Ninja Training, now for MSEM (Microsoft Security Exposure Management). This is v1 and we will continue to grow and later add certificate of accomplishment, just like other Defender Ninja Trainings. techcommunity.microsoft.com/blog/securitye…

On 9/15, Microsoft starts enforcing mandatory MFA for Azure CLI, Azure PowerShell, Azure mobile app, and your IAC tools (non-Service Principal based) I created a CA template you can import (report-only) to audit these apps (add your IAC ones): github.com/nathanmcnulty/…

Linux. Kubernetes. Automation. Security. Master these four. Work anywhere.

I'm excited to announce our newest online course, Command Line Essentials for Security Analysts. Learn about the course and register here: networkdefense.co/courses/cli/

One of my favorite projects we’ve worked on! Check out the repo Gwen and I made to teach you how to learn MCP with Python🐍♥️✨

psychic.labs.greynoise.io 👀

NEW Microsoft Entra SSE feature in public preview: "IT Admins can now set detailed SPN-level policies, such as requiring MFA for cifs/* file shares, enabling compliant device access to MSSQL/* servers, and applying step-up authentication for sensitive RDP servers. This allows

I made lots of small utilities/tools/aids for CISOs and Cyber Security tweeps mr-r3b00t.github.io/soc_chef/

We (Marlene Mhangami and I) started a new show: Python on Azure! Our goal is to chat with friends & colleagues about all things Python (and sometimes Azure). We had to go BIG for our first episode: our guest is the one and only Armin Ronacher ⇌ We asked: - Could he vibe-code Flask? -

On August 21, GreyNoise observed nearly 2,000 malicious IPs probing Microsoft Remote Desktop (RDP) services in a single day — a sharp deviation from baseline activity. Full blog: greynoise.io/blog/surge-mal… #ThreatIntel #RDP #Cybersecurity #GreyNoise #Analysis #RemoteDesktop

Investigation Scenario 🔎 This file was found on a user workstation: app.any.run/tasks/39d47711… What do you look for to investigate it was executed and the extent of its effect on the system? #InvestigationPath #DFIR #SOC

T minus 15 minutes before Arnold Wave / #synthwave at Tim Alexander ~ twitch.tv/djtow3r