Microsoft-Analyzer-Suite v1.6.0 released today! 🚀.This update includes multiple new detections for Microsoft Entra ID OAuth Phishing Attacks based on the research by Elastic Security Labs. Check out the changelog for more information. Happy M365/Azure Threat Hunting!.#M365.

We just released MemProcFS-Analyzer v1.2.0 with various enhancements. Check out the changelog for more information. Happy Memory Analysis!. #MemProcFS #MemoryAnalysis #DFIR.

We just released Microsoft-Analyzer-Suite v1.5.1. This update includes bug fixes and a new version of RiskyDetections-Analyzer. Check out the changelog for more information. Happy M365/Azure Threat Hunting!.#M365 #Azure #Entra #BEC #CloudIncidentResponse #DFIR #Microsoft.

Microsoft-Analyzer-Suite v1.5.0 is now available!🚀 We improved among other things the Device Code Flow Abuse detections and added support for the detection of suspicious 'UpdateInboxRules' operations (e.g. used by eM Client). Check out the changelog for more information and.

Quick update on some blacklists of the Microsoft-Analyzer-Suite: ApplicationPermission-Blacklist.csv, DelegatedPermission-Blacklist.csv, and UserAgent-Blacklist.csv. The update of the UserAgent-Blacklist covers the new M365 Account Takeover Attacks using HTTP Client Tools.

RT @SecurityAura: #100DaysOfKQL. Day 75 - Activity From Suspicious User-Agent. I think I have one last after this piggybacking on @LETHAL_D….

Just released Collect-MemoryDump v1.1.0 with various improvements. Triage Collection w/ MAGNET Response (Optional), Microsoft Protection Logs (MPLogs), Automated Processing of 'ProcessesAndModules-Extended_Info.tsv' (MAGNET Response), and much more. #MemoryAnalysis

Happy to announce the release of Microsoft-Analyzer-Suite v1.4.0. It is our first company-branded release!🚀. The new OAuthPermissions-Analyzer uses the output of the new Graph-based 'Get-OAuthPermissionGraph' cmdlet of the Microsoft-Extractor-Suite v3.0.2, which we co-developed.