Threat Hunting

Your Crown Jewels Are in Defender. You Just Never Set Them Up.

All right class. You have been saying "crown jewels"

Building Your First Threat Hunting Hypothesis (The MITRE Way)

All right class. Lots of SOC teams say they do

Azure Key Vault: The High-Value Queries Your SOC Isn't Running

All right class. Key Vault is where your secrets live.

Hunting PowerShell Abuse in MDE: Eight Queries, Real Results

All right class. PowerShell is in every serious Windows intrusion.

User Audit Investigation Workbook: Deploy in Minutes, Investigate in Seconds

All right class. This is the workbook I wish people

KQL User Audit Playbook V2: The Insider Threat Investigation Guide

All right class. This is a continuation of my previous

Teams Threat Protection: What Actually Changed and What You Can Actually Hunt

All right class. Your SOC has limited visibility into Teams.

Threat Analytics in Microsoft Defender: What It Actually Does and Why Your SOC Needs It

All right class. You're doing your SOC investigations

Hunting in Microsoft Sentinel: What Hunting Actually Is and Why You Need It

Terminology matters here. Microsoft uses these words in specific ways,

Building a Brute Force Detection Query: How To Think Through Network Logon Failures

All right class, take your seats. This post is about