Python for threat hunting shines at the unglamorous middle of an investigation: turning a wall of raw text into indicators, check...
Python for Threat Hunting: IOCs, Hashing, Integrity
From Logs to Threats: SIEM Correlation Rules for Real Attacks
Building a PowerShell Security Audit Pipeline
A first PowerShell security audit script is the single most valuable thing a new Windows admin can build — but a script that runs...
PowerShell Event Log Management for Windows Security
PowerShell event log management has two halves that are usually written about separately and shouldn't be: querying the logs ...
PowerShell Threat Hunting: Windows Endpoint Triage Guide
PowerShell threat hunting on a Windows endpoint sits between two extremes: the built-in Get-Process tells you almost nothing use...
KQL Threat Hunting in Microsoft Defender: Full Guide
Most KQL tutorials hand you a pile of operators and leave you to work out how they fit together. This guide does the opposite. It wa...
Subscribe to:
Posts (Atom)
