Harden Windows Server 2025: Baseline Settings You Need to Know
Microsoft just rolled out the updated security baseline for Windows Server 2025, and it’s packing more than your usual set
Read More
Build+Break+Secure
Where Every Failure Becomes A Manual
Author: Wayne Andes
Monitor Active CISA Exploited CVEs Using This KQL Query
CISA maintains a live catalog of known exploited vulnerabilities (KEVs), complete with CVE identifiers, vendor and product info, vulnerability details,
Read MoreTroubleshooting Data Ingestion Lag in Microsoft Sentinel from Zscaler Logs
In the ever-evolving landscape of cybersecurity monitoring, timely and accurate log ingestion is king. Recently, a curious case of data
Read MoreDetect Microsoft Teams Large Data Transfer Using KQL
This KQL query detects unusually large Microsoft Teams data transfers by analyzing Zscaler logs for traffic exceeding 50GB within a
Read MoreDetect Microsoft Teams Large Data Transfer Using KQL
This article covers a Kusto Query Language (KQL) script designed to detect large data transfers involving Microsoft Teams traffic as
Read MoreList Untrusted SSH File Transfer Protocol Connection Not Blocked By Symantec Endpoint Protection
Detecting untrusted SSH file transfer protocol connection events can help cybersecurity teams identify potential security gaps within Symantec Endpoint Protection.
Read MoreList P2P Torrent Traffic Not Blocked By Symantec Endpoint Protection
This Kusto Query Language (KQL) script identifies peer-to-peer (P2P) torrent traffic events that Symantec Endpoint Protection has detected but failed
Read More
NBI Data Breach Exposes Millions of Filipino Records
MANILA, PHILIPPINES —The National Bureau of Investigation (NBI), the Philippines’ premier investigative agency, has suffered a major cybersecurity breach that
Read MoreSuspicious Directory Traversal Detection Using KQL in Symantec Logs
This article focuses on how to detect suspicious directory traversal activities that Symantec Endpoint Protection logs but fails to block,
Read More