© 2026 Hashnode
https://github.com/Kajal-Dhanjal/sentinel-detection-lab Part 4 ended on this note: moving off the endpoint entirely and into identity, starting with attackers registering their own MFA methods on com

https://github.com/Kajal-Dhanjal/sentinel-detection-lab This is Part 4 of the series where I build a Microsoft Sentinel detection engineering lab from scratch and write down what actually happened —

Part 3 of a series on building a detection engineering lab in Microsoft Sentinel. This post: registry persistence, a textbook false positive, and the single most important lesson in detection engineer

Part 2 of a series on building a detection engineering lab in Microsoft Sentinel. This post: hunting malicious PowerShell with Sysmon, and the difference between volume detections and signature detect
