Cybergilly

DoD Cyber Sentinel Challenge | Correlation One Apply to this Cybersecurity skills challenge for your chance to win $15,000 in prizes and access new career opportunities.

Heads up:

The Cyber Sentinel Skills Challenge is happening June 14 — a free, one-day virtual CTF backed by the DoD.
• $15K in cash prizes
• Realistic cyber scenarios
• Open to all skill levels
• U.S. Citizens & Green Card holders, 18+

Apply here: bit.ly/cyber-sentinel

Stay Humble!

This is “Gold”

Same dude! Let’s get a good setup going

User: “I can’t access my files!”
Helpdesk: “Where are they saved?”
User: “In my head.”

Thank you! Stoked to see it

What did the network engineer say to the helpdesk technician?

‘Users? Sounds like a Layer 8 problem to me!’

Phishing by Design: Two-Step Attacks Using .vsdx Files

I have crafted a precise KQL using Microsoft Defender for Office 365 and Endpoint to detect such abuse scenarios.

perception-point.io/blog/phishin...

#Cybersecurity #KQL #Phishing #Evasion #TrustedPlatform

𝗧𝗵𝗲 𝗣𝗲𝗿𝗳𝗲𝗰𝘁 𝗖𝘂𝘀𝘁𝗼𝗺 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻 ... 😘

Using CloudApp & Behaviour Analytics to detect malicious threat actor Copilot Agent.

#Cybersecurity #DefenderXDR #CloudApp #CopilotAgent #KQL

CloudApp BEC Defense Policy - Axios

Attackers bypass MFA using a phishing framework with Axios HTTP client. Detect compromise in sign-in logs with user agent axios/1.7.7. Proposing auto-detection & isolation for SecOps assessment.

Sources: Asger Deleuran Strunk / Stephan Berger

Hunting-Queries-Detection-Rules/DefenderXDR/Social Engineering Attack Monitor - Teams & Emails.kql at main · SlimKQL/Hunting-Queries-Detection-Rules KQL Queries. Microsoft Defender, Microsoft Sentinel - SlimKQL/Hunting-Queries-Detection-Rules

KQL Code:
github.com/SlimKQL/Hunt...

Social Engineering Attack Alert - Teams & Emails

Kevin Beaumont shared insights on helping orgs recover from ransomware attacks. Key tactic: social engineering. Attackers used phone recon to gather contacts, then flooded users with emails & Teams messages. Custom KQL script for early detection:

Hunting-Queries-Detection-Rules/Sentinel/Hunting Rockstar 2FA.kql at main · SlimKQL/Hunting-Queries-Detection-Rules KQL Queries. Microsoft Defender, Microsoft Sentinel - SlimKQL/Hunting-Queries-Detection-Rules

Hunting Rockstar 2FA:
github.com/SlimKQL/Hunt...

Hunting Rockstar 2FA: A Key Player in Phishing-as-a-Service (PaaS)
www.trustwave.com/en-us/resour...

Sharing a Sentinel KQL detection for ShadowHound by Friends-Security, which enhances AD enumeration for security assessments. Beware: it can be misused by threat actors & red teamers for reconnaissance. My KQL rule helps identify and mitigate these risks. #KQL #ShadowHound

In AD environments, Timeroasting exploits NTP authentication to request password hashes of computer/trust accounts. If non-standard or legacy passwords are used, offline brute-forcing is possible. I've created a KQL query to detect such activities. #KQL #Timeroast

Don’t be weirded out if you see me reposting - I want to see how Bluesky works as my kql second brain 😬

Thanks your the best!

@adjacentnode.com

Can you do another run through of your homelab?

Let’s just reply back and forth to each other with corny networking jokes - you go first!

5 Classes left!

I'm planning on making a practical guide once I complete my Masters at WGU.

Thoughts on this?