QR code phishing detection - A theoretical proof of concept using the Microsoft Graph API
Introduction Attackers are increasingly using QR codes in their phishing campaigns because they don’t just evade standard detection, they are incredibly difficult to detect without some signif...
A Robust Method for Detecting Log Ingestion Issues
Introduction We recently came across a scenario where one of our clients changed a configuration in AWS, which stopped AWS CloudTrail logs from coming through to Microsoft Sentinel. We reali...
How to KQL - Part 1 - The Basics
Introduction Kusto Query Language (KQL) is a powerful data query language developed by Microsoft, primarily used for exploring and visualising data across various Microsoft products. It plays an i...
Entra ID Lifecycle Workflows
Introduction Lifecycle Workflows, a new feature in Entra ID, allows organisations to automate changes to user objects across three key stages of a user’s lifecycle. These three key stages are: ...
Detecting Homograph Attacks Using KQL
Introduction Let’s play a game of spot the difference! Spot the difference in the URLs below: www.facebook.com www.fаcebook.com If you got it, well done. You have a keen eye, and I bet yo...
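The spot-the-difference above turns on one Cyrillic letter (U+0430) standing in for a Latin "a". The Python below is an added example, not code from the post, showing the two checks a detection would make mechanically: flag any hostname label that mixes Unicode scripts or contains non-ASCII characters, and map lookalike characters to a Latin "skeleton" so the impostor compares equal to the brand it imitates. The confusables table is a small hand-picked subset (an assumption for illustration; a real deployment should load the full confusables.txt published by the Unicode Consortium), and the sample URLs are constructed.

```python
import unicodedata
from urllib.parse import urlsplit

# Hand-picked subset of Unicode confusables mapped to their Latin lookalikes.
# Assumption for this example only; load the full confusables.txt in production.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}

# Constructed sample inputs: the post's lookalike (Cyrillic a) and the genuine host.
SAMPLE_URLS = ["http://www.f\u0430cebook.com", "https://www.facebook.com/login"]


def char_script(ch):
    """Coarse script name ('LATIN', 'CYRILLIC', ...) taken from the Unicode character name; None for non-letters."""
    if not ch.isalpha():
        return None
    try:
        return unicodedata.name(ch).split(" ")[0]
    except ValueError:
        return "UNKNOWN"


def label_scripts(label):
    """Set of scripts used by the letters in one DNS label. A legitimate label normally uses exactly one."""
    return {s for s in (char_script(c) for c in label) if s}


def skeleton(label):
    """Replace confusable characters with their Latin lookalikes so 'f\u0430cebook' compares equal to 'facebook'."""
    return "".join(CONFUSABLES.get(c, c) for c in unicodedata.normalize("NFKC", label))


def to_ascii(host):
    """IDNA (punycode) form of the host: what the resolver and most logs actually see."""
    return host.encode("idna").decode("ascii")


def analyse_host(host):
    """Per-label homograph check. Returns the punycode host plus a finding for every suspicious label."""
    host = host.lower().rstrip(".")
    findings = []
    for label in host.split("."):
        scripts = label_scripts(label)
        non_ascii = [c for c in label if ord(c) > 127]
        if len(scripts) > 1 or non_ascii:
            findings.append({
                "label": label,
                "scripts": sorted(scripts),
                "non_ascii": [(c, unicodedata.name(c, "?")) for c in non_ascii],
                "looks_like": skeleton(label),  # compare this against your brand/allow list
            })
    return {
        "host": host,
        "ascii_host": to_ascii(host),
        "suspicious": bool(findings),
        "findings": findings,
    }


def analyse_url(url):
    """Extract the hostname from a URL (scheme optional) and run the homograph check on it."""
    if "://" not in url:
        url = "http://" + url
    return analyse_host(urlsplit(url).hostname)


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        result = analyse_url(url)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{verdict:10} {result['host']} -> {result['ascii_host']}")
        for f in result["findings"]:
            print(f"           label {f['label']!r} mixes {f['scripts']}, looks like {f['looks_like']!r}; "
                  f"non-ASCII: {f['non_ascii']}")
```

The "ascii_host" field is the value worth matching in telemetry: a lookalike domain never appears in DNS or proxy logs with its Cyrillic letter intact, it appears as an "xn--" label, so a detection that searches for the rendered brand name alone will miss it. Comparing the skeleton of each label against a list of brands you care about catches the impostor regardless of which confusable was substituted.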
3CX Defender for Endpoint Hunting Queries
Introduction 3CX is a software development company with a large reach: over 600,000 customer companies worldwide and around 12 million daily users. 3CX provides desktop applications that allow users to...
Demystifying Defender for Cloud
Introduction Defender for Cloud (DfC) is a cloud-native platform designed to protect multiple workloads across several environments, using a wide range of capabilities. Defender for Cloud is...