Identify Log Ingestion Delays by Device in CommonSecurityLog with KQL
Monitoring ingestion latency in Microsoft Sentinel is key to ensuring log fidelity and timing accuracy, especially when dealing with security
Read MoreBuild+Break+Secure
Where Every Failure Becomes A Manual
Author: Wayne Andes
How AS-REP Roasting Exploits Active Directory and Ways to Stop It
AS-REP Roasting is an attack method targeting Active Directory user objects that don’t require Kerberos pre-authentication. Unlike Kerberoasting, where service
Read MoreTop MITRE Techniques Triggered Using KQL in Sentinel and Defender
Understanding which MITRE ATT&CK techniques are most frequently triggered helps in identifying current attacker patterns and potential gaps in your
Read More
Windows 11 24H2 GPO Security Changes Explained
Microsoft just dropped the new Windows 11, version 24H2 Security Baseline, and it’s more than just a patch-up job. It’s
Read MoreHow to Detect and Prevent Kerberoasting in Active Directory Environments
Kerberoasting is a technique where attackers request service tickets from Active Directory for accounts tied to a Service Principal Name
Read MoreActive Directory Group Additions Tracking with KQL Queries
Active Directory group additions are critical events that may indicate privilege escalations or unauthorized access. Using KQL queries, you can
Read MoreAnalyze Syslog Ingestion Delays in Microsoft Sentinel with KQL
Checking ingestion delays in Syslog data is critical for timely detection and alerting in cybersecurity systems. This technique uses KQL
Read MoreKQL Query to Monitor Password Never Expire Account Changes
Setting an account password to never expire can pose a significant security risk. Regular password changes are a fundamental security
Read MoreKQL Query for MITRE ATT&CK Techniques on Microsoft Sentinel Incidents
Using KQL, this query provides a clear visualization of MITRE ATT&CK techniques triggered by incidents in Microsoft Sentinel. It breaks
Read More