T1562.001 on sentinelchangelog.net

T1562.001 on sentinelchangelog.nethttp://sentinelchangelog.net/tags/t1562.001/Recent content in T1562.001 on sentinelchangelog.netHugo -- 0.157.0enWed, 27 May 2026 13:42:33 +0000Entra ID Authentication Anomalies: Advanced Hunting for Privilege Abuse and Defense Evasionhttp://sentinelchangelog.net/posts/2026-05-27-pr-14339/Wed, 27 May 2026 13:42:33 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14339/Adds three-query pack detecting legacy auth bypass, guest account abuse, and post-reset privileged operations.Hunting Query: Rootkit Network Evasion Detection via Firewall-EDR Telemetry Deltahttp://sentinelchangelog.net/posts/2026-05-27-pr-14337/Wed, 27 May 2026 08:36:31 +0000http://sentinelchangelog.net/posts/2026-05-27-pr-14337/New hunting query detects kernel-level rootkits bypassing EDR network telemetry by comparing perimeter firewall logs against Microsoft Defender for Endpoint data streams.Entra ID Hunting Pack: Defense Weakening and Privilege Abuse Detectionhttp://sentinelchangelog.net/posts/2026-05-26-pr-14240/Tue, 26 May 2026 06:12:52 +0000http://sentinelchangelog.net/posts/2026-05-26-pr-14240/Three hunting queries targeting silent defense weakening techniques and off-hours privilege escalation in Entra ID environments.ETW-Resistant .NET Fileless Injection Detection via Kernel-Level CLR Loadinghttp://sentinelchangelog.net/posts/2026-05-21-pr-14314/Thu, 21 May 2026 12:14:25 +0000http://sentinelchangelog.net/posts/2026-05-21-pr-14314/New hunting query detects fileless .NET execution even when attackers patch ETW by monitoring kernel-level .NET runtime DLL loading in native processes and untrusted paths.AWS Content Quality Overhaul: Standardized Detection Rules and Improved Entity Mappingshttp://sentinelchangelog.net/posts/2026-05-18-pr-14101/Mon, 18 May 2026 07:30:57 +0000http://sentinelchangelog.net/posts/2026-05-18-pr-14101/Comprehensive quality improvements to 61 AWS Analytic Rules and 35 Hunting Queries with standardized naming conventions, normalized MITRE technique mappings, and updated entity field references from legacy AccountCustomEntity to UserIdentityUserName.Entra ID Attack Chain Detection: 5 New Hunting Queries Target Application Layer Persistencehttp://sentinelchangelog.net/posts/2026-05-13-pr-14239/Wed, 13 May 2026 10:29:56 +0000http://sentinelchangelog.net/posts/2026-05-13-pr-14239/Five hunting queries expose OAuth consent abuse, privileged escalation, and Conditional Access evasion used in Midnight Blizzard and Storm-0558 campaigns.SOC Prime CCF: Three New Detection Rules for Platform Security Eventshttp://sentinelchangelog.net/posts/2026-04-08-pr-13636/Wed, 08 Apr 2026 09:50:43 +0000http://sentinelchangelog.net/posts/2026-04-08-pr-13636/SOC Prime solution adds Analytic Rules detecting platform administration events including tenant deletion and successful logins from malicious IPs.Microsoft Security Copilot: Six New Detections for AI Assistant Abusehttp://sentinelchangelog.net/posts/2026-03-27-pr-13735/Fri, 27 Mar 2026 05:01:42 +0000http://sentinelchangelog.net/posts/2026-03-27-pr-13735/New analytic rules target jailbreak attempts, external access, plugin tampering, and file upload disabling - covering major AI security attack vectors.