Mahdi Hutama | Detecting Windows local account creation (MITRE ATT&CK T1136.001) | Microsoft Defender Advanced Hunting KQL: custom detection rules | Aug 12
Mahdi Hutama | Detecting changes in AD group membership activities | Microsoft Defender Advanced Hunting KQL: custom detection rules | Aug 11
Mahdi Hutama | Fake CrowdStrike domain | On July 19, 2024, a widespread IT system outage occurred due to an update to the CrowdStrike sensor; the outage impacted Windows 10 and later… | Jul 27
Mahdi Hutama | Detecting new Azure account creation and changes to PIM group activity | Microsoft Defender Advanced Hunting KQL: custom detection rules | Jul 3
Mahdi Hutama | Detecting failed login attempts using disabled accounts | Microsoft Defender Advanced Hunting KQL: custom detection rules | Jul 1
Mahdi Hutama | Detecting attempts by a PowerShell process to disable Microsoft Defender's service or components | Microsoft Defender Advanced Hunting KQL: custom detection rules | Jun 29
Mahdi Hutama | Checking the hash values of email attachments against MalwareBazaar IOCs | Microsoft Defender KQL custom detection rules | Jun 28
Mahdi Hutama | Finding files whose hash matches MalwareBazaar IOCs | Microsoft Defender KQL custom detection rules | Jun 25
Mahdi Hutama | Malicious Chrome extension (LetsDefend challenge) | Walkthrough: how to investigate a Chrome extension | Jun 25
Mahdi Hutama | ImageStegano (LetsDefend challenge) | Walkthrough: how to investigate a malicious image | May 31