tas_kmanager@infosec.exchange (@tas_kmanager) 's Twitter Profile

@tas_kmanager

☁️🛡️ opinions are mine. food, music and astrophotography when afk.
@TheDFIRReport @CuratedIntel
#ThreatHunting #DetectionEngineering #DFIR #CloudSecurity

ID: 1042469590608031745

https://github.com/tas-kmanager 19-09-2018 17:44:53

276 Tweet

869 Followers

1,1K Following

Kijo Ninja (@kj_ninja25) 's Twitter Profile Photo

Would you be interested in testing LSASS dumping simulation ? 🚀 Testing script is available ↓ ↓ ✅ Simulation : github.com/LearningKijo/R… #MDE #EDR #MDAV #EPP #MicrosoftSecurity

Kijo Ninja (@kj_ninja25) 's Twitter Profile Photo

After running the script, these alerts were generated and correlated into a single incident in Microsoft Defender XDR portal. ✅ Simulation : github.com/LearningKijo/R…

Anton (@antonlovesdnb) 's Twitter Profile Photo

Got a new blog out today with some ideas around hunting for cloud session anomalies - I think this is a super relevant topic with cookie/token theft TTPs being all the rage these days! sumologic.com/blog/hunt-clou…

SANSNew2Cyber (@new_2_cyber) 's Twitter Profile Photo

Happening now at #New2CyberSummit: tas_kmanager@infosec.exchange and Sylvain Lu share a day in the life of detection engineers. Hear this talk: sans.org/u/1uk7 #CybersecurityJourney

Zach (@svch0st) 's Twitter Profile Photo

🎁 Today I'm giving away 3 of our DFIR Labs! 🎁 To enter: ✅Follow me ✅RT & Like this post ✅Reply with which case you'd like to take The winners will be selected in 24 hours. #Giveaway

SNOWcon (@snowcon_2025) 's Twitter Profile Photo

Our website is up and will be updated with all the latest information about the conference. Have a look and give us your feedback! snowcon.info

Will (@bushidotoken) 's Twitter Profile Photo

I am happy to share a new resource I recently created called The Ransomware Tool Matrix: 🔗 blog.bushidotoken.net/2024/08/the-ra… #CTI #ThreatHunting #ThreatIntel #Ransomware

Kostas (@kostastsale) 's Twitter Profile Photo

I created the first draft of a website for the EDR telemetry project to help people quickly compare vendor telemetry visibility. What do you think about it? Are there any specific features you want to see for the website? Built with ChatGPT 4o with canvas (wanted to test it

Microsoft Threat Intelligence (@msftsecintel) 's Twitter Profile Photo

Between July 2023 and June 2024, Microsoft observed nation-state threat actors conduct operations for financial gain, enlist cybercriminals to collect intelligence, and make use of the same tools and frameworks favored by cybercriminals: msft.it/6018mf9Sm

Jeremy Kirk (@jeremy_kirk) 's Twitter Profile Photo

Microsoft has been running massive deception campaigns that flood new phishing sites with bogus credentials for bogus companies on MS tenants. When attackers log in, they deliver a torrent of fresh threat intelligence that can be used to defend: #infosec youtube.com/watch?v=78qnM_…

Thomas Roccia 🤘 (@fr0gger_) 's Twitter Profile Photo

If you're up for some Frenglish 😛 my @DEFCON talk about the XZ backdoor is now available on YouTube! And If you are at BSides Melbourne, come say hello—I’ll be presenting a shorter version of the talk there. 🤓 #infosec #threatintel youtu.be/hwuIb-Vv2Ew?si…

Will (@bushidotoken) 's Twitter Profile Photo

Very happy to hear my talk has been accepted to BSides London! 💂🏻🇬🇧 This is something I’ve wanted to do for a long time. Join me to hear about a new resource I’ve created to help prevent ransomware attacks 🔒☣️

Dr. Nestori Syynimaa (@drazuread) 's Twitter Profile Photo

Just pushed new versions for #AADInternals and AADInternals-Endpoint modules! Some bug fixes plus support for: 1️⃣ Microsoft Authentication Library (MSAL) 2️⃣ Token Protection 3️⃣ Continuous Access Evaluation (CAE)

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

We’re seeing a clear trend: attackers are bypassing the endpoint entirely. Not just avoiding traditional EDR-monitored systems by pivoting to embedded and edge devices, but now also operating purely in the cloud. No shell, no malware, no persistence on the endpoint. Just an OAuth

Kijo Ninja (@kj_ninja25) 's Twitter Profile Photo

New table in Advanced Hunting 🎯 OAuthAppInfo table contains information about Microsoft 365-connected OAuth applications !! Make sure you enabled MDA App Governance !! learn.microsoft.com/en-us/defender…

The DFIR Report (@thedfirreport) 's Twitter Profile Photo

🌟New report out today!🌟 Hide Your RDP: Password Spray Leads to RansomHub Deployment Analysis and reporting completed by [email protected]Aleks and UC2 🔊Audio: Available on Spotify, Apple, YouTube and more! thedfirreport.com/2025/06/30/hid…

Kijo Ninja (@kj_ninja25) 's Twitter Profile Photo

It's been a while since I last wrote a KQL query 🎯 Today, I published a blog post about #ZAP response time in #EOP and how we can analyze the timing using #KQL. 🎯 Blog : osintteam.blog/how-fast-does-… * There may already be other approaches or queries to measure ZAP response time
