Everything you need to know about NTUSER.DAT forensics in one place. This article by DFIR expert Chris Ray explains what NTUser.dat is, its forensic

Microsoft Sentinel is based on the Azure stack and thus billed as part of your Azure consumption. It is important to be wary of the monthly cost as it can quickly expand if it is not being watched...

Linkable token identifiers is a new Entra ID feature that adds a GUID to all the audit events for a session. The identifier makes it easy to track user actions.

Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed...

Key insights for your investigation found in one place! An overview into Windows Registry Forensics and how to leverage data for your investigations. Jump

Key Takeaways Initial access was via a password spray attack against an exposed RDP server, targeting numerous accounts over a four-hour period. Mimikatz and Nirsoft were used to harvest credential…

Microsoft Entra ID’s CFIR (Cloud Forensic and Incident Response) provides a solid blueprint for detecting, investigating, and responding to identity threats. However, mastering it requires the right...

Welcome to the third entry of our blog series on automating Microsoft Sentinel. In this series, we’re showing you how to automate various aspects of...

The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Microsoft's Zero Trust model, providing a comprehensive guide for organizations to modernize their security posture.