Start Here

New here? This page is the fastest way to work out what SecurityScriptographer covers and where to start reading. It is a defender-focused blog about Windows security, detection engineering, PowerShell, and Microsoft 365 administration — written by one person who runs the things he writes about before publishing them.

What this blog is about

Every post takes one concrete problem and solves it: a detection to build, a script to write, an event ID to make sense of, or a Microsoft feature that does not quite work the way you would hope. The framing is always defensive. Where a topic touches offensive tooling — phishing simulation, port scanning, YARA, scheduled-task abuse — it is written from the perspective of detecting or hardening against it, on systems you own or are authorised to test.

If you want the longer version of who writes this and why, the About page has it.

Start with a pillar guide

Two longer reference guides anchor most of the detection content. They are a good place to start if you want the framework before the individual how-tos:

MITRE ATT&CK Fundamentals — a practical walkthrough of tactics, techniques, and procedures, and how to actually use ATT&CK rather than just cite it.
MITRE D3FEND Fundamentals — ATT&CK's defensive companion framework, mapping countermeasures to the techniques they address.

Browse by topic

If you would rather dig straight into the how-tos, the posts cluster into a few areas:

Windows security — event-log monitoring, Sysmon configuration, scheduled-task and service abuse, registry forensics, and Kerberoasting detection.
Detection engineering — Sigma rules, SIEM correlation, KQL hunting in Microsoft Defender, and YARA.
PowerShell — security audit scripts, event-log handling, one-liners, and remote management basics.
Microsoft 365 and Entra — phishing simulation, advanced hunting, and hybrid identity.

The Security, Scripting, and Tutorials label pages collect posts by category, and the search box handles anything more specific.

Contact and housekeeping

Corrections, questions, and "you got this wrong" notes are welcome. The contact email and full publisher details are on the Impressum. The Privacy Policy, Disclaimer, and Terms and Conditions cover the legal side.

Security Scriptographer — PowerShell & Threat Hunting

Through Security Scriptographer, I transform complex security concepts into practical scripts and tutorials. Proficient in PowerShell, Python and various security frameworks, I'm here to help others enhance their security toolkit. Simple code, serious security. 🛡️

Start Here

What this blog is about

Start with a pillar guide

Browse by topic

Contact and housekeeping

Search

most popular blogs

MITRE ATT&CK to SIEM Rules: A Practical Look at SIOR-Helper

From Logs to Threats: SIEM Correlation Rules for Real Attacks

Important References

Categories

Blog Archive

Report Abuse