Mehmet Ergene
cyb3rmonk.bsky.social
https://academy.bluraven.io

Threat Hunting & Research, Detection Engineering | Microsoft Security MVP
#KQL #DFIR #DataScience

All is one.

Opinions are my own


http://posts.bluraven.io
https://github.com/Cyb3r-Monk/Threat-Hunting-and-Detection
Website is down?
May 18, 2025 at 11:14 AM
The phishing usually happens on a managed device, though 🤔
February 18, 2025 at 3:28 PM
I used plaintext roadtx and then used roadrecon to dump Entra ID data. I even caused sign-in failures. There isn't any CAP in this tenant. Could that be the reason? AFAIK, it doesn't affect risk identification.
February 15, 2025 at 3:16 PM
I'm for a multivariate anomaly detection approach and scoring the results. However, this scoring is not static like "if X, then score += 10".
February 14, 2025 at 12:12 PM