http://sentinelchangelog.net/tags/t1556.006/Recent content in T1556.006 on sentinelchangelog.netHugo -- 0.157.0enFri, 29 May 2026 10:56:48 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Fri, 29 May 2026 10:56:48 +0000http://sentinelchangelog.net/posts/2026-05-29-pr-14299/Three new hunting queries target Midnight Blizzard-style persistence patterns — service principal credential staging, privileged role assignments to new accounts, and Temporary Access Pass abuse.http://sentinelchangelog.net/posts/2026-05-26-pr-14311/Tue, 26 May 2026 08:14:04 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14311/Three hunting queries detect multi-event attack chains in Entra ID—privileged role grants followed by SP credential additions and MFA disabling followed by sign-ins from unknown IPs.http://sentinelchangelog.net/posts/2026-05-19-pr-14262/Tue, 19 May 2026 10:09:11 +0000http://sentinelchangelog.net/posts/2026-05-19-pr-14262/Three new hunting queries correlate AuditLogs and SigninLogs to surface post-compromise identity patterns using baseline-driven anomaly detection.http://sentinelchangelog.net/posts/2026-04-10-pr-13848/Fri, 10 Apr 2026 15:05:24 +0000http://sentinelchangelog.net/posts/2026-04-10-pr-13848/New deployment-ready training lab delivers 14 guided exercises with pre-recorded telemetry, detection rules, and automation workflows for practical Microsoft Sentinel skill development.