KQL

Why Abandoned Resources Are a Security Problem, Not Just a Billing One

Everything here is built on the work of Dolev Shor.

Advanced Hunting Just Got a Lot More Powerful. You Can Now Act on What You Find.

All right class. Hunting was always "find bad things

Building Your First Threat Hunting Hypothesis (The MITRE Way)

All right class. Lots of SOC teams say they do

Azure Key Vault: The High-Value Queries Your SOC Isn't Running

All right class. Key Vault is where your secrets live.

Hunting PowerShell Abuse in MDE: Eight Queries, Real Results

All right class. PowerShell is in every serious Windows intrusion.

Your Sentinel Detection Setup Is Probably Broken. Here's How to Know.

All right class. Most environments running Sentinel today have the

Defender XDR Incident Investigation: A to Z Using a Real Example

All right class. There are a few ways you end

Conditional Access Health Check: What Your Policies Actually Do

All right class. This is a highly technical post referencing KQL

Detection Engineering and Why It's a Must Have Part 2

All right class. This is a continuation of part 1

Detection Engineering and Why It's a Must Have

Why Your SIEM Won't Save You Without It