Detecting QR codes using the Graph API and a custom function application

QR code phishing detection - A theoretical proof of concept using the Microsoft Graph API

Introduction Attackers are increasingly utilising QR codes in their phishing campaigns because they don’t just evade standard detection, they are incredibly difficult to detect without some signif...


A Robust Method for Detecting Log Ingestion Issues

Introduction We have recently come across a scenario where one of our clients changed a configuration in AWS, which stopped AWS CloudTrail logs from coming through to Microsoft Sentinel. We reali...


How to KQL - Part 1 - The Basics

Introduction Kusto Query Language (KQL) is a powerful data query language developed by Microsoft, primarily used for exploring and visualising data across various Microsoft products. It plays an i...


Entra ID Lifecycle Workflows

Introduction Lifecycle Workflows, a new feature in Entra ID, allows organisations to automate changes to user objects throughout three key stages in a user’s lifecycle. These three key stages are: ...

Detecting Homograph attacks with KQL

Detecting Homograph Attacks Using KQL

Introduction Let’s play a game of spot the difference! Spot the difference in the URLs below: www.facebook.com www.fаcebook.com If you got it, well done. You have a keen eye, and I bet yo...

Hunting queries for detecting the 3CX breach.

3CX Defender for Endpoint Hunting Queries

Introduction 3CX is a software development company with a large reach: over 600,000 companies worldwide and around 12 million daily users. 3CX provides desktop applications that allow users to...

Defender for Cloud basics and management

Demystifying Defender for Cloud

Introduction Defender for Cloud (DfC) is a cloud-native platform designed to protect multiple workloads, across several environments, by utilising a plethora of capabilities. Defender for Cloud is...