MITRE’s CVE Contract Expires – Internal Memo Leaked!
A leaked letter dated April 15, 2025, has revealed that MITRE’s contract to support the Common Vulnerabilities and Exposures (CVE)
Read More
Build+Break+Secure
Where Every Failure Becomes A Manual
Author: Wayne Andes
Detect QR Code-Based Phishing with KQL in Microsoft Defender XDR
QR code phishing is on the rise. Threat actors are embedding malicious URLs inside QR codes in emails, bypassing traditional
Read More
Harden Windows Server 2025: Baseline Settings You Need to Know
Microsoft just rolled out the updated security baseline for Windows Server 2025, and it’s packing more than your usual set
Read MoreMonitor Active CISA Exploited CVEs Using This KQL Query
CISA maintains a live catalog of known exploited vulnerabilities (KEVs), complete with CVE identifiers, vendor and product info, vulnerability details,
Read MoreTroubleshooting Data Ingestion Lag in Microsoft Sentinel from Zscaler Logs
In the ever-evolving landscape of cybersecurity monitoring, timely and accurate log ingestion is king. Recently, a curious case of data
Read MoreDetect Microsoft Teams Large Data Transfer Using KQL
This KQL query detects unusually large Microsoft Teams data transfers by analyzing Zscaler logs for traffic exceeding 50GB within a
Read MoreDetect Microsoft Teams Large Data Transfer Using KQL
This article covers a Kusto Query Language (KQL) script designed to detect large data transfers involving Microsoft Teams traffic as
Read MoreList Untrusted SSH File Transfer Protocol Connection Not Blocked By Symantec Endpoint Protection
Detecting untrusted SSH file transfer protocol connection events can help cybersecurity teams identify potential security gaps within Symantec Endpoint Protection.
Read MoreList P2P Torrent Traffic Not Blocked By Symantec Endpoint Protection
This Kusto Query Language (KQL) script identifies peer-to-peer (P2P) torrent traffic events that Symantec Endpoint Protection has detected but failed
Read More