Umair (@umairq_) 's Twitter Profile
Cybersecurity Consultant based in London

ID: 111355836

04-02-2010 16:48:22

349 Tweet

368 Followers

2,2K Following

Olaf Hartong (@olafhartong) 's Twitter Profile Photo

Frustrated by the lack of visibility on certain pretty sensitive actions and the state of important components I’m working on a tool to ship important additional logs of #MDE to #Sentinel. Blog hopefully soon.

Speaker 25 (@rodtrent) 's Twitter Profile Photo

Detect threats using Microsoft Graph Logs - Part 1 cloudbrothers.info/en/detect-thre… #MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #MicrosoftEntra #AzureAD #Identity

Nasreddine Bencherchali (@nas_bench) 's Twitter Profile Photo

[COMING SOON] Atomic Red Team 🐦 Integration is coming to SigmaHQ 🧙‍♂️ Sigma rules will be validated regularly against atomics directly in the Sigma CI pipelines to ensure even more quality. Will share more in time 🔥

Stephan Berger (@malmoeb) 's Twitter Profile Photo

#Velociraptor Tip: Some Velo artifacts (like Hayabusa, in this example) are downloading third-party software from the Internet (from GitHub, in this case) before running the software on the hosts. In case the customer shuts down all outgoing Internet traffic except the

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

I have created a YARA rule to detect binaries that are signed with a potentially compromised AnyDesk signing certificate (if the PE header info isn't AnyDesk -> other binaries signed with the compromised cert) #100DaysOfYARA #AnyDesk github.com/Neo23x0/signat…

Matt Zorich (@reprise_99) 's Twitter Profile Photo

🎉Happy International Enable Sysmon and 4688 Auditing Day🎉grab yourself a slice of cake, chat to a colleague about it, bring it up at your all hands company meeting, talk to your kids about the most exciting day in the cyber calendar - github.com/reprise99/4688…

Eric Capuano - Bsky: @eric.zip (@eric_capuano) 's Twitter Profile Photo

So excited to deliver this at DEF CON this year! Previous participants of #OpenSOC will want to check this out! Many similarities, but rebuilt from the ground up with new hunt capabilities, more telemetry, and new attacks. Come see us at Blue Team Village! #defcon #defcon32

John Hammond (@_johnhammond) 's Twitter Profile Photo

This is CrowdStrike's Director of Overwatch, so I hope to help spread the word. I believe CS stopped these changes from being pushed out so machines late to the party won't get the faulty driver. Command in Safe Mode: del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"

mbg (@mbrg0) 's Twitter Profile Photo

msft has flipped a switch and now every user in *your* org can get a trial license for m365 copilot "without an admin's help", by default this includes building their own custom agents (!) turn this off at admin -> self-service purchase -> Do not allow

Bert-Jan 🛡️ (@bertjancyber) 's Twitter Profile Photo

For all #KQL fans, I had this list of community repos lying around, the list now consists of 33 repos for you to investigate. Happy hunting! 🏹 Feel free to send a PR if you miss repos! :) github.com/Bert-JanP/Hunt…

GitHub Projects Community (@githubprojects) 's Twitter Profile Photo

| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|
| Don't Push To Production On Friday |
|_________________|
\ (•◡•) /
 \ /
 ——
 | |
 |_ |_

ALI TAJRAN (@alitajran) 's Twitter Profile Photo

CISA updates ScubaGear Tool to strengthen your Microsoft 365 security! As Microsoft tenants grow, so do the complexities of ensuring excellent security measures. With many admin centers and configurations to manage, maintaining a security baseline can be a difficult task. The

Obsidian (@obsdmd) 's Twitter Profile Photo

Obsidian is now free for work. Starting today, the Obsidian Commercial license is optional. Anyone can use Obsidian for work, for free. If Obsidian benefits your organization, you can still purchase Commercial licenses to support development. Nothing else is changing. No
