Identity & Security


APT41 Emulation Plan

Introduction: I have recently blogged about hunting for techniques used by APT41, which only covers a few techniques. Since I wanted to expand on this, I’ve decided to create an emulation plan for Blue Teamers. The reason behind this blog post is mainly that I got inspired by the MITRE Engenuity Center for…

Securing On-Premises AD with Azure Sentinel

Introduction: The majority of organizations are operating in a hybrid state, which means that a lot of organizations still have to deal with their On-Premises Active Directory environment. Active Directory has existed for more than a decade, but it hasn’t always been secured properly. Multiple changes are configured every day, and it’s hard to find out which…

Treat your Privileged Authentication Admins as Global Admins

Introduction: I’ve lately been diving into different escalation paths in Azure AD, and what I’ve realized is that it’s possible to take over a Global Admin account once a user is part of a directory role called Privileged Authentication Administrator. This role is described by Microsoft as the following: As Microsoft has documented it, so…

Become a KQL Ninja

Introduction: I’ve been digging into KQL for quite some time, and I often get the question whether I could help someone out with building a KQL query. This has motivated me to release a first edition of KQL Internals, which has received a lot of positive feedback from the community. KQL Internals is a…
