ClickFix Forensics: Proving Execution Beyond the Browser
A deep dive on ClickFix, mapping fake CAPTCHA lures to endpoint code execution, covering investigation, response, and preventative controls.
Dec 21, 20257 min read21
Command Palette
Search for a command to run...
Series
Security Operations
A technical series on SOC operations and SIEM engineering, covering SIEM design, threat detection, hunting, automation, containment, and continuous monitoring across Microsoft 365 cloud environments.
Auditing Microsoft Entra Authentication Methods with Microsoft Sentinel and Azure Logic Apps
A practical guide to collecting and analysing user authentication method data with Microsoft Graph, Azure Logic Apps, and Microsoft Sentinel.
Oct 16, 202511 min read165
Monitoring DNS Record Changes in Microsoft Sentinel
Detecting Modifications to MX, A, and TXT Records Using Azure Logic Apps and DNS-over-HTTPS.
Jul 11, 20256 min read54
Kusto Query Language (KQL) Queries For SOC Investigation.
A Field-Tested Collection of KQL Queries for Microsoft Sentinel Analysts to Accelerate Detection, Investigation, and Threat Correlation.
Jun 12, 202510 min read91
Interactive Microsoft Sentinel Incident Notifications in Teams via an Azure Logic App Using Adaptive Cards.
Security teams need fast, structured, and contextual alerts. This guide shows how to deliver Sentinel incidents to Teams using Logic Apps.
Jun 12, 20254 min read353
The Role of SPF, DKIM, and DMARC in Email Authentication Security.
Overview. Email remains one of the most vital business communication tools, but it is also the most frequently exploited attack vector. Threats such as phishing, spoofing, impersonation, and Business Email Compromise (BEC) continue to succeed largely...
Mar 27, 20246 min read39