cyb3rmik3

Follow

👀

I eat IoCs for breakfast.

Michalis Michalos cyb3rmik3

👀

I eat IoCs for breakfast.

Follow

Threat Management Professional | SecOps, Threat Intelligence & DFIR | Microsoft Security MVP

328 followers · 67 following

Achievements

Achievements

Highlights

Pro

Organizations

cyb3rmik3/README.md

Hi there 👋 you have found good karma, and with that, some cyber security resources.

I'm Michalis Michalos (aka cyb3rmik3) and in this github you will find primarly KQL queries associated to Microsoft Defender XDR (Formerly known as 365 Defender) and Microsoft Sentinel as well as notes and resources for various cyber security tools that I use for investigations and analysis.

Specializations

Liked my work? Consider fueling me with a coffee! :)

As featured in

Title	Date
ElasticIQ Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries	02/10/2024
Endpointcave Newsletter July 2024	14/07/2024
This week in 4n6 newsletter	30/06/2024
Kusto Insights - April Update	07/05/2024
Tech news for the week of April 8th, 2024	08/04/2024
This week in 4n6 newsletter	31/03/2024
The Generatrive Partner Crucible	09/02/2024
KQL Security Sources - 2024 Update	14/01/2024
Kusto Insights - December Update	02/01/2024
Forensic Focus Digital Forensics Round-Up	30/11/2023
Endpointcave Newsletter #6 2023	19/11/2023
Detection Engineering Weekly #47	15/11/2023

PGP Public Key 🔒

-----BEGIN PGP PUBLIC KEY BLOCK----- mQGNBGGTw0oBDADRP0lluTJy770/wlUgNZp8qe8Pq97DkfOYxBGYTJzDPVmX8ErZ R2XBMbwntwzb2A/gkX41y7v1d6r15Oy4rCWVdbJwiBcLeIWpYXfqRQLQlggNNMhf l7zBGWzqvOa5yK3SOTSON8uEdxPachgyivBa0VUN24TAUqvNj7jzIuf/xHzWgvmF JxmHJLDW+vTJJkwCcRQGXgNMlu3HfXXD7FgHSiLXtyrLV70jXOftASrOVHPdJ1SV rwDlFmwAFIPdpgjnJlYX4C9ejR4HYUP21LN7/Vz38SPzlxl3zNGc7KZ8p9KY9+w0 u69Q35JXiiSpJZ9SH3MeKEgfxFMls7u/3F+WZEp7REqMZQCyZ7o3vmN/E7gFAEpP HGUVLCoK8M4SsN0ahqvYuFttfJGrkbu9SKjSx7lP1nfKiORngUtXVIdxQzcppgzE UZr2fuWCzPJn8xvQgZ87qHz9Vi+m4ZdI0riKUsMAVBO2xcb8U8GfudovClkK6su1 3NdpNGyLYxLGVscAEQEAAbQpTWljaGFsaXMgTWljaGFsb3MgPG1pY2hhbGlzQG1p Y2hhbG9zLm5ldD6JAdQEEwEIAD4WIQR7sJsdN7q+hPqkaQaiYY5u/wU5bAUCYZPD SgIbAwUJEs5j1gULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCiYY5u/wU5bH7T C/4qxRdSOtPFwswEIwIa0yw/z9BEjGHP1t1yOeTU3b3nN+/hoDnOJwwxBWe/WGdi jNmG7FrJkDX8Xm0Q+HCF4l1TdnP4EuopMv6T6xTfuT3A+zdOA/AZ3b4HkRiBObCz BCjl6rtsLvoaUgdAyF04slQza7Z9okbboqv+eL0Ehjm64RewcM0SDY6cqQFPxDCW r+WTao4S2jLiqbe9e9ncW/23JXqYo+yG6I1PkAWtxdas7FyKa3+bSLuO4kthAviM 7xPoNoJ+ovw5M6XS/umR+AVcoe0OiF01EcolGwVCDcumWHc9FEMY0V4V+D/g1CaS K9FG3qHwKq7LJUlcDPAe5gKkgUAmIrdYC14P08rss3eTp/3GyW59GMNqvxoF8aDw k+pf6+HYM+NBAP0iFjWlRS2rNYACx4V1GENzyl7XIhEAy0gUfTyL1FteL5fjs9r3 YZq9Fb4+Wj3wKQ7+LCEWi5RFgzfiDV8h26RRrY6Glxz56H+MisD0QSo8f3ZWnoAF siO5AY0EYZPDSgEMAND0CmEGI1du0A9z7JEiH+riki5KzL3fxyNjIrEuwqz44TYF iyFrRp1hT0SbD+mAyx6EzNvRy3umSYx2d++ApWwXS/XGZ7W2JwptXNLmJV1DqyUQ 2ToN3Y5KxfOE7xj+OOwenkHv/qE68Gm2pHRpHusXO9OevWWqdPtDqTTydH7ZBg5u vJYqyRXiMIrjnJPuBne6JiLDUyq0rBu+OnpI8EAuGCr92QOLOdDFKeWKPz+vqqW8 ueCYedWCekEQoTI8WaGJj3cKk2Pj8PXl11VsResA5g5xZxwspFSQK8FKholIR8Ao 86+gJfkM7P8dFF7PwC9aKLtcdM7taijntVdGxqr16la3td700D7DQzNbI+wd//Kj f6Gl/3msN1cMFfs7b6FP0X7a2gwbtpU030e3weAMNYa/ERfwnzJv5bJ5R3x6pCxd FnsCAOrKhqi3jjPO6AsEx6SRH7m6dQ6KwjOrj72vA3dmVz+T/MILuZBPaFHsPEaR CAycvbzW1dANnY7kCwARAQABiQG8BBgBCAAmFiEEe7CbHTe6voT6pGkGomGObv8F OWwFAmGTw0oCGwwFCRLOY9YACgkQomGObv8FOWyktAv9GiS8RCXZ0R/2Txjofm3L A+WqUOSoiUiy2DEwYW4Do4dED+J33GRTdWZ5a4Nf4Q60FxiD6tqQ8Ru/7epfm41S qNUrYH3ndEjRN0Q7KLfux6f66yQMbJZt5cVIAxrRYmBmKXQlsSb+jXtdMmoFUSNe /DhCBp+MW/h0oyHqB3blnILmc5WOGJR0ji/Brl0YugaFN4qz3L2o1KQSkgRhYSSz EQMNU57FzfVKmq9vRvbaZa8yMU7Njb2aeHhKsHEbKkhS7P3MZpfgjjFO5IoEJCwa 2ZrQ69kGGUOdM6E+9bfIUq34yNT2WsLD6xPsLio0Lgq++zl7U78SDl8h0mZDdGqZ EMo75FCSVEWTij45qrnQUzW0had8EPWO1kSKyGai1XRuPHLd7dOcQpFGasAGzrNQ 8cYEVVoMfHY5x2yPeWjWx7JFMHrCJoyIi35uNKd9Nkas2ERItr5Tje4C+eZtOOYM +48w3LzOrH6oDHCiJ3WswB7aEvqVksarVG1gRukjxj8K =0ES0 -----END PGP PUBLIC KEY BLOCK-----

Disclaimer 📔

The views and opinions expressed herein are those of the author and do not necessarily reflect the views of the employer.

Pinned Loading

KQL-threat-hunting-queries KQL-threat-hunting-queries Public

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

743 93
MDE-DFIR-Resources MDE-DFIR-Resources Public

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

414 50
Hunting-Lists Hunting-Lists Public

A repository of curated lists with elements such as IoCs to use for threat hunting & detection queries.

34 8
presentations presentations Public

A repository for notes and references of presentations.

5 1
bsidesath2021 bsidesath2021 Public

References used to prepare and deliver presentation "Cyber resilience: Awareness is not enough" at Security BSides Athens 2021.

1 1
DFIR-Notes DFIR-Notes Public

Cheat sheet on memory forensics using various tools such as volatility.

10 3