// blog

A technical breakdown of the ZipLine initial access campaign linked to Qilin ransomware, and how to detect the HTA delivery chain in Microsoft Defender XDR.

How AI can automate Entra ID tenant destruction and what it leaves behind in Entra ID audit logs.

This blog post explains how Security Teams can integrate threat intelligence feeds into KQL-based detections; from Microsoft Defender Threat Intelligence (MDTI) to open source feeds.

A breakdown of Service Principal credential persistence in Entra ID and how to detect it with KQL.

AI agents are redefining 'the weakest link' means in enterprise architecture. A KQL-based solution to detecting OpenClaw and MCP in modern environments.

A technical breakdown of CanisterSprawl; the second iteration of the CanisterWorm supply chain operation, now with active self-propagation, cross-ecosystem PyPI infection, and upgraded exfiltration infrastructure.

A practical approach to detecting Bring Your Own Vulnerable Driver (BYOVD) activity using KQL and LOLDrivers.