Last Updates

1 Case / 1 Protection / 1 Threat / 1 KQL
Case: UB2.C7 – Manage Device Logs – UB2.C7.K1 – Clean/Remove Device Logs. Protection: UB2.C7.K1.P1 – Restrict access to Device Logs – Audit …
(UB3.C4.K1) Threat Hunting via Autonomous System Numbers (ASN)
Months ago, I wrote an article (How non-secure ISPs Aid Attackers in Evading Detection) discussing how some malicious actors …
1 Case / 1 Protection / 1 Threat / 1 KQL
Case: UB2.C6 – Connect devices to charge stations via USB. Protection: UB2.C6.P1 – Add USB condom, use AC power outlets or external batteries …
(UB3.C4.K1) How non-secure ISPs Aid Attackers in Evading Detection
UB3.C4.K1 – Users contract and use non-secure ISP. The Internet Service Provider (ISP) our users choose plays a critical …
1 Case / 1 Protection / 1 Threat / 1 KQL
Case: UB3.C4 – Users use different ISPs. UB3.C4.K1 – Users contract and use non-secure ISP. Protection: UB3.C4.K1.P1 – Monitor activities from …
(UB1.C5) – Email Sender Lists
Adding a malicious domain or sender to a safe sender list (whitelist) poses significant security risks. Users may mistakenly …
(UB1.C4) – Auto-Reply Messages
Configuring auto-reply messages (usually activated on vacation or absence period), while convenient, can expose users and organizations to several potential threats. …
1 Case / 2 KQLs
Case: UB4.C2.K1 – Use plugins on websites. KQL Query: Monitor device service tampering (UB2.C5 – Manage device services). Detect WordPress plugins from …
1 Case / 1 KQL
Case: UB2.C6 – Connect to charge stations. KQL Query: Detect screenshots taken on devices (UB3.C3.T1 – Data leakage of sensitive …
(UB3) Monitoring Sign-In Attempts from Airport Networks
(UB3.C2.K1 – Sign-in attempts from anywhere) New Threat Detection: Monitoring Sign-In Attempts from Airport Networks. As cyber threats continue …
1 Case / 2 KQLs
Case: UB6.C5 Authentication apps. KQL Query: UB6.C4.K1 Users authenticate with SMS. UB5.C2.T2 Plugins and add-ons added into software programs establishing connections …
1 Case / 1 Protection / 1 Threat /
Case: UB5.C3 Software configurations. UB5.C3.K1 – Users can add exclusions. Protection: UB5.C3.K1.P1 – Monitor/Restrict allowed exclusion actions. Threat: UB5.C3.K1.T1 Users could …
2 Cases / 4 Protections / 4 Threats / 2 KQLs
Case: UB6.C3 Generate tokens. UB6.C4.K1 Users authenticate with SMS. Protection: UB6.C3.P1 Use tokens with short lifespans or implement token rotation strategies. UB6.C3.P2 Implement a …
1 Case / 2 Protections / 2 Threats / 1 KQL
Case: UB1.C7 Email Delegate permissions. Protection: UB1.C7.P1 – Audit Mailboxes. UB1.C7.P2 – Block/Disable permission delegation feature or require on-demand approval. Threat …
1 Case / 1 Known Interaction / 2 Threats / 1 KQL
Case – UB1.C6 Remove Emails. Threat – UB1.C6.T1 – Loss of email non-repudiation evidence. KQL Queries – UB7.C1.K1.T1 Data leakage. Known interaction – …