Friday, June 27, 2025

Build+Break+Secure

Where Every Failure Becomes A Manual

BUILD
- Microsoft Power Automate
  - Microsoft Teams
  - SentinelOne
- Microsoft PowerShell
  - Scripts
BREAK
- Kusto Query Language
  - Microsoft Sentinel
  - Zscaler
SECURE
- Active Directory
  - Hardening
- Kusto Query Language

Build+Break+Secure

Where Every Failure Becomes A Manual

BUILD
- Microsoft Power Automate
  - Microsoft Teams
  - SentinelOne
- Microsoft PowerShell
  - Scripts
BREAK
- Kusto Query Language
  - Microsoft Sentinel
  - Zscaler
SECURE
- Active Directory
  - Hardening
- Kusto Query Language

Active Directory

+ SECURE Active Directory

November 22, 2024 Wayne Andes 41 Views 0 Comments 3 min read

Golden Certificate Attacks in Active Directory Explained and Defended

Golden Certificates are an advanced persistence technique linked to Active Directory Certificate Services (AD CS) compromises. When attackers gain administrative

+ SECURE Active Directory

November 15, 2024 Wayne Andes 43 Views 0 Comments 4 min read

Understanding Active Directory Certificate Services Compromise Vectors

Active Directory Certificate Services (AD CS) is Microsoft’s Public Key Infrastructure (PKI) framework, managing encryption, code signing, and authentication through

+ SECURE Active Directory

November 8, 2024 Wayne Andes 36 Views 0 Comments 3 min read

Active Directory GPP Password Vulnerability Explained

In Microsoft Active Directory environments, Group Policy Preferences (GPP) was once a go-to method for setting local administrator passwords and

+ SECURE Active Directory

November 1, 2024 Wayne Andes 38 Views 0 Comments 4 min read

Detecting and Preventing Unconstrained Delegation Exploits in Active Directory

Active Directory environments become ripe targets when computer objects are misconfigured with unconstrained delegation. This configuration allows attackers to impersonate

+ SECURE Active Directory

October 25, 2024 Wayne Andes 41 Views 0 Comments 2 min read

How to Detect and Mitigate MachineAccountQuota Attacks in Active Directory

MachineAccountQuota abuse leverages a default Active Directory setting that allows user accounts to create up to ten computer objects within

+ SECURE Active Directory

October 18, 2024 Wayne Andes 33 Views 0 Comments 3 min read

How to Prevent Password Spraying Attacks on Active Directory Accounts

Password spraying is a stealthy technique where attackers try a small number of common passwords across many Active Directory user

+ SECURE Active Directory

October 11, 2024 Wayne Andes 39 Views 0 Comments 2 min read

How AS-REP Roasting Exploits Active Directory and Ways to Stop It

AS-REP Roasting is an attack method targeting Active Directory user objects that don’t require Kerberos pre-authentication. Unlike Kerberoasting, where service

+ SECURE Active Directory

October 4, 2024 Wayne Andes 52 Views 0 Comments 2 min read

How to Detect and Prevent Kerberoasting in Active Directory Environments

Kerberoasting is a technique where attackers request service tickets from Active Directory for accounts tied to a Service Principal Name

Topics To Explore

+ BLOG + BREAK + BUILD + NEWS + SECURE Active Directory Fortinet Homelab Kusto Query Language Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Power Automate Microsoft PowerShell Microsoft Sentinel Microsoft Teams Microsoft Windows Microsoft Windows Server SentinelOne Symantec Endpoint Protection VMware Carbon Black Zscaler

Recent BUILD Posts

Streamline SentinelOne Endpoint Scans with Power AutomateJune 2, 2025
Automate SentinelOne Incident Alerts to Microsoft Teams with Power AutomateJune 2, 2025
Get Started On Microsoft Power AutomateMay 26, 2025
PowerShell Finds Its Voice: Talking Scripts Are Now a ThingJuly 7, 2023

Recent BREAK Posts

Troubleshooting Data Ingestion Lag in Microsoft Sentinel from Zscaler LogsJanuary 29, 2025
What is BREAK?April 1, 2024

Recent SECURE Posts

Detect QR Code-Based Phishing with KQL in Microsoft Defender XDRFebruary 10, 2025
Monitor Active CISA Exploited CVEs Using This KQL QueryFebruary 3, 2025
Detect Microsoft Teams Large Data Transfer Using KQLJanuary 28, 2025
Detect Microsoft Teams Large Data Transfer Using KQLJanuary 27, 2025
List Untrusted SSH File Transfer Protocol Connection Not Blocked By Symantec Endpoint ProtectionJanuary 22, 2025

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}