List Successful Sign-in From A New Country
Description This KQL query detects successful sign-ins from countries that have not been seen before. Depending on where you run
Read MoreBuild+Break+Secure
Where Every Failure Becomes A Manual
Author: Wayne Andes
Safeguarding Our Children’s Online Presence (A Guide to Homelab Protection)
In today’s digital age, children are growing up surrounded by technology, making online safety a crucial concern for parents and
Read MoreHunt For Suspicious Encoded PowerShell
PowerShell can be used encoded to obfuscate the commands that have been executed. An attacker can choose encoding to hide
Read More
Why I Started A Homelab
In my last article, I delved into the benefits of starting a homelab, but now I want to get personal
Read MoreHunt For Malicious HTTP Traffic
This Threat Hunting case is based on the DeviceNetworkEvents table. The goal is to find malicious HTTP traffic. Step 1:
Read More
Why Start A Homelab?
In a world where technology plays an increasingly central role in our lives, the idea of creating a homelab—a personalized
Read More
What Is A Homelab?
Greetings, fellow tech aficionados and digital nomads! Today, I’m thrilled to dive into the electrifying world of homelabbing—a haven for
Read MoreList Security Alerts Triggered By Users At Risk
Description This KQL query identifies the users that are currently at risk. Based on that it performs a lookup on
Read MoreList Total Successful Sign-Ins By Operating System
Description This KQL query can be used to detect rare operating systems that are used to sign into your tenant.
Read More