Detect User Account Created Using Command-line
Description This KQL query aims to detect users that are added via the command-line. Adding users via the command-line
Where Every Failure Becomes A Manual
Description This KQL query focuses on identifying modifications to Conditional Access Policies, a tactic employed by threat actors like Scattered
Description Adversaries may create local accounts to maintain access to victim systems. This KQL query lists all the local admins
Description In order to gain high privileges an adversary can add themselves to groups with high privileges. Those privileges allow
Normally, PowerShell just does what it’s told—quiet, obedient, and cold as ice. But what if I told you that with
Description This KQL query allows you to hunt for users that have been added to the sudo group. The current