Introduction: The majority of organizations are operating in a hybrid state, which means that a lot of organizations still have to deal with their on-premises Active Directory environment. Active Directory has existed for more than a decade, but it hasn't always been secured properly. Multiple changes are configured every day, and it's hard to find out which… Continue reading "Securing On-Premises AD with Azure Sentinel"
Introduction: I've lately been diving into different escalation paths in Azure AD, and what I've realized is that it's possible to take over a Global Admin account once a user is part of a directory role called Privileged Authentication Administrator. This role is described by Microsoft as the following: As Microsoft has documented it, so… Continue reading "Treat your Privileged Authentication Admins as Global Admins"
Introduction: I've been digging into KQL for quite some time, and I often get the question whether I could help someone out with building a KQL query. This has motivated me to release a first edition of KQL Internals, which has received a lot of positive feedback from the community. KQL Internals is a… Continue reading "Become a KQL Ninja"
Introduction: Azure Sentinel is a cloud-native SIEM solution that leverages the power of Artificial Intelligence to analyze large data volumes at scale. It provides a lot of capabilities, and it's a solution that I can highly recommend to both SOC Analysts and Threat Hunters. Today in my blog post, I'm going to describe a… Continue reading "Hunting TTPs with Azure Sentinel"
Folks, since a lot of people are into Azure Sentinel, I've decided to share documentation that walks you through the different steps to understand the basic concepts of Kusto Query Language (KQL). KQL is the core fundamental in Azure Sentinel for searching and analyzing data. This is also why it's worth understanding how… Continue reading "Kusto Query Internals – Azure Sentinel Reference"