Skip to content

Security Scriptographer — PowerShell & Threat Hunting

Through Security Scriptographer, I transform complex security concepts into practical scripts and tutorials. Proficient in PowerShell, Python and various security frameworks, I'm here to help others enhance their security toolkit. Simple code, serious security. 🛡️

  • Home
  • Start Here
  • About me

Detecting Kerberoasting with Windows Event ID 4769

May 28, 2026 0 Comments 10 min read
Detecting Kerberoasting with Windows Event ID 4769

Kerberoasting ( MITRE ATT&CK T1558.003 ) is one of the few credential-access techniques that produces a clean, on-prem audit sig...

Read more →

Active Directory Security Monitoring Threat Hunting Windows

Sysmon Configuration for Windows Security Monitoring

May 28, 2026 0 Comments 10 min read
Sysmon Configuration for Windows Security Monitoring

Native Windows auditing covers a surprising amount of ground, but it has known gaps: no file hashes on process creation, no outbound...

Read more →

Security Monitoring Sysmon Threat Hunting Windows

Windows Event Forwarding Setup for Centralised Logs

May 28, 2026 0 Comments 10 min read
Windows Event Forwarding Setup for Centralised Logs

Knowing which event IDs to watch is half the job; getting them off every endpoint before the local Security log wraps is the other h...

Read more →

Security Monitoring SIEM Sysadmin Windows

Useful Advanced Hunting KQL Queries in Microsoft Defender

May 28, 2026 0 Comments 10 min read
Useful Advanced Hunting KQL Queries in Microsoft Defender

Microsoft Defender's Advanced Hunting is genuinely useful — possibly the most useful thing in the portal that does not have a f...

Read more →

KQL Microsoft 365 Security Microsoft Defender XDR Threat Hunting

Automating Phishing Simulations for New Employees in M365 — Sort Of

May 27, 2026 0 Comments 10 min read
Automating Phishing Simulations for New Employees in M365 — Sort Of

A few weeks ago we tried to improve our phishing simulation game for new employees in Microsoft 365 . The goal was simple: new hire...

Read more →

Automation Microsoft 365 Security Phishing Simulation PowerShell
← Newer Posts Older Posts → Home
Subscribe to: Posts (Atom)

Search

most popular blogs

PowerShell Script Block Logging with Event ID 4104

Image
Read more

From Logs to Threats: SIEM Correlation Rules for Real Attacks

Image
Read more

Important References

  • MITRE ATT&CK
  • MITRE D3FEND
  • PowerShell Documentation

Categories

  • Active Directory
  • ASR Rules
  • Authentication
  • Automation
  • BitLocker
  • Conditional Access
  • Defense Evasion
  • Detection Engineering
  • Device Compliance
  • Disk Encryption
  • Endpoint Security
  • Entra ID
  • EVTX
  • FIDO2
  • Forensics
  • Hybrid Identity
  • Identity Security
  • Incident Response
  • Intune
  • IOC
  • KQL
  • MFA
  • Microsoft 365 Security
  • Microsoft Defender for Endpoint
  • Microsoft Defender XDR
  • Microsoft Graph
  • Microsoft Intune
  • Microsoft Sentinel
  • Migration
  • MITRE ATT&CK
  • MITRE D3FEND
  • Passwordless
  • Persistence
  • Phishing Simulation
  • PowerShell
  • Privileged Identity Management
  • Project Online
  • Python
  • Scripting
  • Security Baselines
  • Security Monitoring
  • SharePoint
  • SIEM
  • Sigma
  • Sysadmin
  • Sysmon
  • Threat Hunting
  • Tutorials
  • Windows
  • Windows LAPS
  • Windows Security
  • YARA

Blog Archive

  • July 2026 (4)
  • June 2026 (21)
  • May 2026 (8)
  • July 2025 (3)
  • January 2025 (5)

Report Abuse

Navigation

  • Home
  • Start Here
  • About
  • Search
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Impressum
  • Manage privacy settings

Categories

  • Security
  • Scripting
  • Tutorials

Guides

  • Start Here
  • MITRE ATT&CK Fundamentals
  • MITRE D3FEND Fundamentals

Copyright © Security Scriptographer — PowerShell & Threat Hunting

Design by Compete Themes | Blogger Theme by NewBloggerThemes.com