Quick Links
Findings
- About Blumira Findings
- Investigating “365 Alert Policy: Creation of forwarding/redirect rule” findings
- Investigating "Audit Policy Change via Auditpol" findings
- Investigating “Azure Identity Protection Risky Sign-in” findings
- Investigating "Batch Script Execution" findings
- Investigating "Clearing of Windows Event Log" findings
- Investigating "Connection from Public IP Address" findings
- Investigating "Internal Reconnaissance - Connection" findings
- Investigating "Microsoft Defender: Malware Threat" findings
- Investigating “Mimikatz Pass the Hash” findings
- Investigating "Local User Addition or Modification via Net Commands" findings
- Investigating “Microsoft 365: Authentication Outside of U.S.” findings
- Investigating “Microsoft 365: Impossible Travel AAD Login” findings
- Investigating "Microsoft 365: Potential Mailbox Permissions Change" findings
- Investigating "Password Spraying" findings
- Investigating process IDs and host logs in Report Builder
- Investigating "Reconnaissance via Net Commands" findings
- Investigating "Remote Access Tool" findings
- Investigating "Suspicious Process Parent" findings
- Using the Actor ID to verify activity in Azure Global Admin findings
- How to decode a decimal encoded command
- What to expect from Blumira during vulnerability scans and pen tests