Nathan Hueck
KQL, XQL, and Splunk script to identify executable files in the Windows temp folder, removable and…
We can begin with a comprehensive approach to identifying executable files in the Windows temp folder using KQL (Kusto Query Language), XQL…
8 min read · 23 hours ago

Nathan Hueck
Detecting malicious JavaScripts within SMTP flow (Using KQL, XQL and Splunk scripts).
Introduction
6 min read · May 29, 2024

Nathan Hueck
KQL and Splunk scripts to identify specific Windows Security Events with user accounts!
As you may already know, identifying user account behaviours is crucial. Therefore, a script designed to identify specific Windows…
3 min read · May 24, 2024

Nathan Hueck
(Splunk use case & KQL) Scripts to detect a user account logged in to several endpoint devices.
KQL:
2 min read · May 9, 2024

Nathan Hueck
Practicing Threat Modeling for DAR/DIM/DIU protection.
Today I will talk about the importance of threat modeling to protect data in all its states: Data at Rest (DAR), Data in Motion (DIM)…
6 min read · Mar 29, 2024

Nathan Hueck
(Splunk use case & KQL) Identifying malicious PowerShell script execution on user endpoints.
PowerShell scripting is a powerful tool used by both system administrators and threat actors alike. While legitimate PowerShell scripts are…
3 min read · Mar 18, 2024

Nathan Hueck
(Splunk use case & KQL) Identifying Microsoft Office malicious macro executions on user endpoint…
In modern cybersecurity, identifying and mitigating potential threats is crucial to safeguarding sensitive data and systems. One common…
3 min read · Mar 18, 2024

Nathan Hueck
(Splunk & KQL) Detecting the creation of a service in a suspicious file path for Windows and Linux
Detecting Suspicious Service Creations: Splunk vs. KQL
5 min read · Mar 17, 2024

Nathan Hueck
Detecting Disabled Auditing Services on Critical Systems (KQL & Splunk)
In today's complex digital landscape, maintaining the security and integrity of critical systems is paramount. One crucial aspect of this…
5 min read · Mar 15, 2024