Technical articles on threat hunting, KQL/Sentinel detection, pentesting and incident response. No fluff: queries and procedures I actually use.
Three KQL signals (entropy, volume and record types) to hunt DNS exfiltration and C2, and how to turn them into an analytics rule.
Read article β>_ More articles coming soonβ¦