SOC140 — Phishing Mail Detected — Suspicious Task Scheduler EventID 82 — LetsDefend Monitoring… (Mahdi Haris Hutama, Aug 26): Go to the Monitoring menu, Investigation channel, and click the Create Case button.
Discord Forensics — LetsDefend challenge (Mahdi Haris Hutama, Aug 26): Walkthrough on how to investigate the Discord cache as a forensic artifact.
Identify a device's operating system (OS) from the ping response TTL value using PowerShell (Mahdi Haris Hutama, Aug 24): Identifying an operating system (OS) from the Time-To-Live (TTL) value in a ping response is a useful technique in network diagnostics and…
Detecting Windows local account creation — MITRE ATT&CK T1136.001 (Mahdi Haris Hutama, Aug 12): Microsoft Defender Advanced Hunting KQL — custom detection rules.
Detecting changes in AD group membership (Mahdi Haris Hutama, Aug 11): Microsoft Defender Advanced Hunting KQL — custom detection rules.
Fake CrowdStrike domains (Mahdi Haris Hutama, Jul 27): On July 19, 2024, a widespread IT outage occurred due to an update to the CrowdStrike sensor; the outage impacted Windows 10 and later…
Detecting new Azure account creation and changes to PIM group membership (Mahdi Haris Hutama, Jul 3): Microsoft Defender Advanced Hunting KQL — custom detection rules.
Detecting failed login attempts using disabled accounts (Mahdi Haris Hutama, Jul 1): Microsoft Defender Advanced Hunting KQL — custom detection rules.
Detecting attempts by a PowerShell process to disable Microsoft Defender's service or components (Mahdi Haris Hutama, Jun 29): Microsoft Defender Advanced Hunting KQL — custom detection rules.
Checking the hash values of email attachments against MalwareBazaar IOCs (Mahdi Haris Hutama, Jun 28): Microsoft Defender KQL custom detection rules.