Bert-Jan 🛡️
@BertJanCyber
Followers: 4K | Following: 3K | Media: 219 | Statuses: 2K
CSIRT | https://t.co/Tu1l2ZFe0T | Microsoft Security MVP | Blue & Purple Team | SOC | SIEM | Threat Hunting | Detection Engineering | #KQL |
127.0.0.1
Joined January 2022
https://t.co/03Zb3VVVqo is live! 🛡️ I thought about starting a blog page for a while now, the first steps have been taken. In the next period, I will start uploading more #KQL and security related content.
Time to prep for the last session of the year. This Thursday in Alkmaar. Event registration: https://t.co/26o1ZcIVvu
Time to start #KustoCon 2025! Workshop time together with @castello_johnny You can still register for the remote sessions that would start in a couple of hours: https://t.co/oav1lLI30q
Time for your monthly dose of Kusto! Kusto Insights - October Update is out:
While everything was set since even before summer, unfortunately I won't be able to join an elite team of KQL professionals in 3 days for #KustoCon. My place in the schedule will be filled by a fellow MVP and community member, @ThomasVrhydn who will elaborate Proactive XSPM
This AI Slop slipped into a Bleeping Computer article. Thanks to @Cyb3rMik3, they removed it. 🫡😅
⚠️ Don't fall for AI slop and spread misinformation by reposting these queries. 🙏 1- There is no process called "Sense.exe", it's MsSense.exe 2- You can't find the PID of MsSense.exe with FileName, you should use InitiatingProcessFileName. 3- Process Ids are recycled. You
If you have not implemented a detection for suspicious IIS worker (w3wp.exe) processes, now is your time to do it. The Windows server components rely on IIS, not only WSUS, the same was the case with the last SharePoint vulnerability. https://t.co/tRDJB3NBxc
github.com
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rul...
@HuntressLabs has now also published a blog about it: https://t.co/ljZRWukQk0 The blog contains a sigma rule with the logic to build detections based on your EDR/logs.
huntress.com
Huntress has observed threat actors exploiting a Microsoft Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287).
Some good technical content around the WSUS vulnerability (CVE‑2025‑59287) has been published by @eyesecurity. https://t.co/9u7bSHniPo
research.eye.security
First reported by Eye Security, this WSUS CVE exposes a major weakness in Microsoft’s update mechanism. Read our full analysis to understand the discovery, proof-of-concept, and recommended defenses.
AI Slop of the week 🫡 Make sure you monitor engagement farmers. #CyberSecurityAwareness #CyberSecurity
It's finally here! 🥳🥳🥳 I hope we see the same capability in Defender XDR Advanced hunting soon 🥹
learn.microsoft.com
Learn how to visualize graphs in Kusto Explorer, including interactive features and schema visualization capabilities.
No big surprises here. https://t.co/WQhgE6eIOO
@SecurityAura: One more worldwide compromised device 🤔 IYKYK
This was not good enough, my productivity still took a hit. Now EDR has been configured without any automated response. Starting to look good.
No productivity issues here. What can potentially go wrong?🧐
There is also a booklet version available if you do not want to read it all: https://t.co/iXFVOVAIw5
The @enisa_eu Threat Landscape 2025 has been published. https://t.co/o70xqfG6j7
Pushed a new version of the PowerShell acquisition scripts to run a #KQL via the Graph API. The new version dynamically outputs the results, without the need to assign each output column to the PS object. It can now also export the results to CSV. https://t.co/r7Hzy3opHZ