Threat Hunting with Microsoft Defender XDR: Reconstructing a Ransomware Intrusion

Reconstructing a multi-stage ransomware attack using Microsoft Defender telemetry and KQL, covering reconnaissance, credential discovery, persistence, staging, and impact

Featured Posts

cybersecurity

Threat Hunting with Microsoft Defender XDR (including Defender for Endpoint): Investigating Tor Browser Activity

cybersecurity

Building a Governance-Driven Vulnerability Management Program from Scratch

March 03, 2026

cybersecurity

MITRE ATT&CK vs The Cyber Kill Chain: Understanding Two Core Threat Models

February 26, 2026

Building an Incident Escalation Playbook – From Alerts to Action

February 05, 2026

cybersecurity

Useful Websites & Resources for Cybersecurity News

January 22, 2026

cybersecurity

SIEM Log Analysis: Detecting Cleartext Traffic and HTTP-Based Data Exfiltration

January 08, 2026

cybersecurity

Building an ISO 27001 Risk Register: A Practical Exercise in Seeing Risk Clearly

December 15, 2025

Photography

四季 Shiki: Seasons, Stillness, and Balance

November 03, 2025

cybersecurity

Lessons from MIT: Cybersecurity for Managers – A Playbook

October 31, 2025

Threat Hunting with Microsoft Defender XDR: Reconstructing a Ransomware Intrusion

Featured Posts

Threat Hunting with Microsoft Defender XDR (including Defender for Endpoint): Investigating Tor Browser Activity

Building a Governance-Driven Vulnerability Management Program from Scratch

MITRE ATT&CK vs The Cyber Kill Chain: Understanding Two Core Threat Models

Recent Posts

Building an Incident Escalation Playbook – From Alerts to Action

Useful Websites & Resources for Cybersecurity News

SIEM Log Analysis: Detecting Cleartext Traffic and HTTP-Based Data Exfiltration

Building an ISO 27001 Risk Register: A Practical Exercise in Seeing Risk Clearly

四季 Shiki: Seasons, Stillness, and Balance

Lessons from MIT: Cybersecurity for Managers – A Playbook