
Security Scriptographer — PowerShell & Microsoft 365 Security

Through Security Scriptographer, I transform complex security concepts into practical scripts and tutorials. Proficient in Python and various security frameworks, I'm here to help others enhance their security toolkit. Simple code, serious security. 🛡️


PowerShell Script Block Logging with Event ID 4104

May 28, 2026 · 10 min read

Most PowerShell-based attacks rely on the same trick: pass a Base64-encoded command, a string concatenation, or a script downloaded at ru...


Tags: MITRE ATT&CK, PowerShell, Security Monitoring, Sysadmin, Threat Hunting, Windows Server

Detecting Kerberoasting with Windows Event ID 4769

May 28, 2026 · 10 min read

Kerberoasting (MITRE ATT&CK T1558.003) is one of the few credential-access techniques that produces a clean, on-prem audit signal —...


Tags: Active Directory, Kerberoasting, MITRE ATT&CK, Security Monitoring, Sysadmin, Threat Hunting

Sysmon Configuration for Windows Security Monitoring

May 28, 2026 · 10 min read

Native Windows auditing covers a surprising amount of ground, but it has known gaps: no file hashes on process creation, no outbound netw...


Tags: PowerShell, Security Monitoring, Sysadmin, Sysmon, Threat Hunting, Windows Server