Skip to content

Security Scriptographer — PowerShell & Threat Hunting

Through Security Scriptographer, I transform complex security concepts into practical scripts and tutorials. Proficient in PowerShell, Python and various security frameworks, I'm here to help others enhance their security toolkit. Simple code, serious security. 🛡️

  • Home
  • Start Here
  • About me

Sigma Rule for Malicious Scheduled Tasks: Event 4698

May 31, 2026 0 Comments 10 min read
Sigma Rule for Malicious Scheduled Tasks: Event 4698

A Sigma rule for scheduled task detection is the portable way to catch one of the most reliable persistence techniques on Windows: ...

Read more →

Detection Engineering Persistence SIEM Sigma Sysmon Threat Hunting

Sigma Rules for SIEM Detection: A Beginner's Guide

May 30, 2026 0 Comments 10 min read
Sigma Rules for SIEM Detection: A Beginner's Guide

Sigma rules for SIEM detection are what YARA is to files: a structured, vendor-neutral way to describe what a bad log event looks l...

Read more →

PowerShell Script Block Logging with Event ID 4104

May 28, 2026 0 Comments 10 min read
PowerShell Script Block Logging with Event ID 4104

Most PowerShell-based attacks rely on the same trick: pass a Base64-encoded command, a string concatenation, or a script downloaded ...

Read more →

PowerShell Security Monitoring Threat Hunting Windows

Detecting Kerberoasting with Windows Event ID 4769

May 28, 2026 0 Comments 10 min read
Detecting Kerberoasting with Windows Event ID 4769

Kerberoasting ( MITRE ATT&CK T1558.003 ) is one of the few credential-access techniques that produces a clean, on-prem audit sig...

Read more →

Active Directory Security Monitoring Threat Hunting Windows

Sysmon Configuration for Windows Security Monitoring

May 28, 2026 0 Comments 10 min read
Sysmon Configuration for Windows Security Monitoring

Native Windows auditing covers a surprising amount of ground, but it has known gaps: no file hashes on process creation, no outbound...

Read more →

Security Monitoring Sysmon Threat Hunting Windows
← Newer Posts Older Posts → Home
Subscribe to: Posts (Atom)

Search

most popular blogs

From Logs to Threats: SIEM Correlation Rules for Real Attacks

Image
Read more

PowerShell Script Block Logging with Event ID 4104

Image
Read more

Important References

  • MITRE ATT&CK
  • MITRE D3FEND
  • PowerShell Documentation

Categories

  • Active Directory
  • ASR Rules
  • Authentication
  • Automation
  • BitLocker
  • Conditional Access
  • Defense Evasion
  • Detection Engineering
  • Device Compliance
  • Disk Encryption
  • Endpoint Security
  • Entra ID
  • EVTX
  • FIDO2
  • Forensics
  • Hybrid Identity
  • Identity Security
  • Incident Response
  • Intune
  • IOC
  • KQL
  • MFA
  • Microsoft 365 Security
  • Microsoft Defender for Endpoint
  • Microsoft Defender XDR
  • Microsoft Graph
  • Microsoft Intune
  • Microsoft Sentinel
  • Migration
  • MITRE ATT&CK
  • MITRE D3FEND
  • Passwordless
  • Persistence
  • Phishing Simulation
  • PowerShell
  • Privileged Identity Management
  • Project Online
  • Python
  • Scripting
  • Security Baselines
  • Security Monitoring
  • SharePoint
  • SIEM
  • Sigma
  • Sysadmin
  • Sysmon
  • Threat Hunting
  • Tutorials
  • Windows
  • Windows LAPS
  • Windows Security
  • YARA

Blog Archive

  • July 2026 (4)
  • June 2026 (21)
  • May 2026 (8)
  • July 2025 (3)
  • January 2025 (5)

Report Abuse

Navigation

  • Home
  • Start Here
  • About
  • Search
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Impressum
  • Manage privacy settings

Categories

  • Security
  • Scripting
  • Tutorials

Guides

  • Start Here
  • MITRE ATT&CK Fundamentals
  • MITRE D3FEND Fundamentals

Copyright © Security Scriptographer — PowerShell & Threat Hunting

Design by Compete Themes | Blogger Theme by NewBloggerThemes.com