📢If you missed my talk about Azure Attack Path at the @identitysummit, I just updated my blog with content created for the conference. New analytic rules, demo attack script and the slides are not available. #Azure #Security #Defend #Attack #Sentinel.

RT @hkashfi: I just noticed CVE-2025-25257 and had a giggle. Not because it's yet another Fortinet remote bug. But because it's a SQLi, in….

Join millions who have switched to Grok.

You might want to check your XDR streaming API as well and do some late summer cleaning. You might be surprised to find a Sentinel from the past. #XDR.

RT @TEMP43487580: I just started a new blog, and this is my first post. I took a bit of PTO, so this is a little record of some fun I had p….

RT @g0njxa: A Windows #Clickfix alternative seen in the wild on a mass-spreading malware campaign bypassing traditional Win+R shortcut rest….

You work with #XDR and always wanted to the process tree data outside of the Defender portal?. With XDR Story Parser you can.▫️Redact sensitive information.▫️Export process tree as screenshot.▫️Extract PowerShell and command-lines.▫️Zoom in onto a process.

RT @JohnLaTwC: In KQL, if you have a base table with many columns, you may want a simplifed view--just a subset of columns that are arrange….

RT @DuRM365: #Security & #Governance sind zentrale Bestandteile einer sicheren Verwendung von IT Ressourcen. Auch in #Microsoft365 müssen w….

Wanna play around with #KQL and #Graph. Microsoft just released sample datasets to play around and look at this gorgeous visualization for the #Bloodhound schema they offer!. Thanks @cosh23 🥰.

Token Protection in Microsoft Entra Conditional Access for Windows is now GA! 🎉. #EntraID #Token.

RT @schnoll: No more MOERA domains for email (which you shouldn't be using the first place 😉). Limiting Onmicrosoft Domain Usage for Sendin….

RT @ExpelSecurity: 🚨 A NEW trojan on the block spotted by our threat intel team 👀. We saw files with the code-signing signature “GLINT SOF….

RT @_dirkjan: If you didn't find my Black Hat / Def Con slides yet, they are available on . Also includes the demo….

Want to watch how Microsoft is removing the XDR deception configuration. Initially I had written this for debugging, but not I guess we only will see how stuff get's removed over time. #XDR #Deception #RIP. Thanks @DylanInfosec for the initial idea.

RT @4ndr3w6S: Still need a ticket to @DEATHCon2025 in Austin?. Just a few left. Grab yours before they’re gone ⬇️.

RT @PyroTek3: One of the things that can be challenging when creating a honeypot account in Active Directory is making it look like a real….

RT @BertJanCyber: New blog! .GraphApiAuditEvents: The new Graph API Logs. This July the GraphApiAuditEvents were released in public preview….

New Microsoft Graph based API for response actions in #MDI . Disable, Enable, ForcePasswordReset and RevokeAllSessions finally available for your automations.

Deception feature in Microsoft Defender for Endpoint will be retired by 31. October 2025 #deception #xdr .

RT @dmcxblue: Back from PTO and back on my Azure vulnerable lab project Function Apps, Runbooks, VMs, DBs, SPNs & more. Built to learn Azur….

RT @shodanhq: $5 Membership sale is live for the next 24 hours: