Blog


Entra ID Attack & Defense: Investigating Service Principal Misuse with EntraGoat
In the first article, we spent time setting up the foundation: getting Entra ID audit logs and sign-in logs flowing into Splunk through a dedicated ingestion pipeline. If you haven’t gone through that setup yet, I recommend starting there, as everything we do in this post depends on having those logs available and searchable. ENTRA GOAT: In this article we will be working through setting up ENTRAGOAT, an intentionally vulnerable Microsoft Entra ID lab created by Semperis. If
Dec 4, 2025 · 11 min read


Entra ID Attack & Defense: Building an Azure→Splunk Log Pipeline
It’s been about five months since my last post, life has been busy as I’ve been ramping up in my new Threat Response role. The learning curve has been thrilling. Over the past few months I’ve been deepening my understanding of detection engineering, incident response, and how attackers move across a much wider set of technologies beyond the traditional Windows stack. Now I’m shifting gears again, and I figured I shouldn’t leave you all behind. I’m going to spend some time bre
Nov 16, 2025 · 6 min read


Investigating Forwarding Rule Alerts on Shared Mailboxes
This past week, I was asked: “How can...
Jun 1, 2025 · 3 min read


Simulating a Real-World Attack: The Logs Don't Lie
This is the final part in the Breach and Containment series that I have worked on this weekend. In the first part, we played the role of...
May 25, 2025 · 9 min read


Simulating a Real-World Attack: The Breach Begins
In this post, we’re going to simulate a breach on an endpoint in our domain, investigate the activity through logs, and build the...
May 25, 2025 · 8 min read


Amadey Malware - Investigation Walkthrough
I have recently been doing Cyber Defenders labs in their Blue Yard Cyber range to get more reps in from a DFIR perspective. This week we...
Apr 2, 2025 · 7 min read


Building a Web Scraper with Python
I've been working on my Python skills for Cybersecurity, taking on various projects that expose me to various facets of Python that would...
Mar 23, 2025 · 11 min read


Building a Port Scanner with Python
One of my goals for this year was to work on improving my programming skills. The way I have been approaching this is by revisiting...
Mar 9, 2025 · 3 min read


Automating Response SOAR EDR - Building an Interactive Slack App (Bonus Section)
Part 1: Setup LimaCharlie sensor and exploring the telemetry and benefits of the EDR Part 2: Integrating our SOAR (Tines) and the...
Feb 25, 2025 · 12 min read


Automating Response SOAR EDR - The SOAR (Tines) Playbook - Part B
Part 1: Setup LimaCharlie sensor and exploring the telemetry and benefits of the EDR Part 2: Integrating our SOAR (Tines) and the...
Feb 25, 2025 · 8 min read


Automating Response SOAR EDR - The SOAR (Tines) Playbook - Part A
Part 1: Setup LimaCharlie sensor and exploring the telemetry and benefits of the EDR Part 2: Integrating our SOAR (Tines) and the...
Feb 25, 2025 · 8 min read


Automating Response SOAR EDR - Tines and Slack Integration
Part 1: Setup LimaCharlie sensor and exploring the telemetry and benefits of the EDR Part 2: Integrating our SOAR (Tines) and the...
Feb 25, 2025 · 4 min read


Automating Response SOAR EDR - LimaCharlie Setup
Part 1: Setup LimaCharlie sensor and exploring the telemetry and benefits of the EDR Part 2: Integrating our SOAR (Tines) and the...
Feb 25, 2025 · 8 min read


How to Ace the GCIH
SEC504 and the GCIH Exam: Insights and Preparation. In my last certification review post back in November 2024, found here:...
Feb 9, 2025 · 5 min read


Streamlining Incident Response: Using PowerShell to Compare Baselines and Detect IoCs
How PowerShell Can Fast-Track Your Security Incident Investigations In cybersecurity, the ability to quickly identify deviations from a...
Jan 22, 2025 · 3 min read


How to ACE the GIAC Certified Forensic Examiner (GCFE) Exam
Taking on FOR500 and sitting the GCFE Exam: Insights and Preparation. It's been a minute since I last made a blog post, but as you can see...
Nov 26, 2024 · 8 min read


Unlocking the Windows Registry: A Hidden Goldmine for Cyber Threat Detection 🔒🛡️
A guide to detecting and mitigating registry-based persistence mechanisms. The Windows Registry is often an underutilized asset in the...
Oct 28, 2024 · 4 min read


Building a File Integrity Monitoring Tool with PowerShell
Introduction: Hey everyone! 👋 I'm excited to share a project I've been working on that's both a fun challenge and a crucial tool in...
Oct 20, 2024 · 8 min read


Microsoft Sentinel Detection Lab
Welcome to the Microsoft Sentinel and honeypot detection lab. Please note that this lab includes troubleshooting steps I had to do along...
Oct 14, 2024 · 11 min read


Investigating Let's Defend Alert SOC146
How do security analysts investigate alerts? Well, it can vary. However, I will be going through an investigation methodology which...
Mar 13, 2023 · 4 min read