http://sentinelchangelog.net/tags/t1098.001/Recent content in T1098.001 on sentinelchangelog.netHugo -- 0.157.0enFri, 29 May 2026 10:56:48 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Fri, 29 May 2026 10:56:48 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse.http://sentinelchangelog.net/posts/2026-05-28-pr-14307/Thu, 28 May 2026 11:14:14 +0000http://sentinelchangelog.net/posts/2026-05-28-pr-14307/Added three hunting queries targeting identity boundary expansion techniques in Entra ID that escalate privileges without creating new accounts.http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Wed, 27 May 2026 13:42:33 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations.http://sentinelchangelog.net/posts/2026-05-26-pr-14311/Tue, 26 May 2026 08:14:04 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14311/Three hunting queries detect multi-event attack chains in Entra ID—privileged role grants followed by SP credential additions and MFA disabling followed by sign-ins from unknown IPs.http://sentinelchangelog.net/posts/2026-05-18-pr-14101/Mon, 18 May 2026 07:30:57 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14101/Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.http://sentinelchangelog.net/posts/2026-05-07-pr-14213/Thu, 07 May 2026 10:51:04 +0000http://sentinelchangelog.net/posts/2026-05-07-pr-14213/Identifies service principal credential additions by actors not observed performing these operations in the previous 90 days, targeting persistence techniques.