T1098.003 on sentinelchangelog.net

T1098.003 on sentinelchangelog.nethttp://sentinelchangelog.net/tags/t1098.003/Recent content in T1098.003 on sentinelchangelog.netHugo -- 0.157.0enMon, 01 Jun 2026 04:39:34 +0000Slack Audit Solution: Enhanced Detection Logic and Alert Enrichmenthttp://sentinelchangelog.net/posts/2026-06-01-pr-14245/Mon, 01 Jun 2026 04:39:34 +0000http://sentinelchangelog.net/posts/2026-06-01-pr-14245/Slack Audit analytic rules, hunting queries, and workbook upgraded with improved KQL logic, custom alert details, and enhanced entity mappings for stronger workspace monitoring.Entra ID Post-Credential Activity Detection: Service Principal Staging and Privileged Role Escalationhttp://sentinelchangelog.net/posts/2026-05-29-pr-14299/Fri, 29 May 2026 10:56:48 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse.Entra ID Authentication Anomalies: Advanced Hunting for Privilege Abuse and Defense Evasionhttp://sentinelchangelog.net/posts/2026-05-27-pr-14339/Wed, 27 May 2026 13:42:33 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations.Entra ID Account Takeover: Three-Query Hunting Pack for Post-Compromise Detectionhttp://sentinelchangelog.net/posts/2026-05-27-pr-14335/Wed, 27 May 2026 13:41:06 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14335/Adds hunting pack targeting device code phishing, service principal persistence, and bulk password resets by privileged actors.Entra ID Workload Identity and Privileged Role Hunting Pack: Three New Detection Querieshttp://sentinelchangelog.net/posts/2026-05-21-pr-14281/Thu, 21 May 2026 12:50:47 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14281/New hunting pack targeting workload identity abuse and privileged role assignment anomalies with coverage gaps for service principal credential theft and PIM bypass techniques.Entra ID Cross-Source Hunting Pack: Post-Compromise Pattern Detectionhttp://sentinelchangelog.net/posts/2026-05-19-pr-14262/Tue, 19 May 2026 10:09:11 +0000http://sentinelchangelog.net/posts/2026-05-19-pr-14262/Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection.AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappingshttp://sentinelchangelog.net/posts/2026-05-18-pr-14101/Mon, 18 May 2026 07:30:57 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14101/Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.Entra ID Attack Chain Detection: 5 New Hunting Queries Target Application Layer Persistencehttp://sentinelchangelog.net/posts/2026-05-13-pr-14239/Wed, 13 May 2026 10:29:56 +0000http://sentinelchangelog.net/posts/2026-05-13-pr-14239/Five hunting queries expose OAuth consent abuse, privileged escalation, and Conditional Access evasion used in Midnight Blizzard and Storm-0558 campaigns.