Writing about Threat Detection on @Medium? Detect.FYI

Começou a copa (Saqueace)

Thousands of investors bought $SPCE this morning thinking it was $SPCX (SpaceX). They are now down nearly 30% after realizing they bought the wrong stock.

The latest KustoInsights is out! Lots of community blogs have been added in the past month. kustoinsights.substack.com/p…

Coimbra

🚨Breaking: Mark Zuckerberg personal email and phone number leaked by the latest Instagram bug thats lets you see sensitive information of other users😳

Sam Altman is starting to panic

Cut the crap. Literally, cut the unnecessary distractions out of your life—delete apps, unfriend and unfollow toxic people, stop committing to activities you don't care about. Life is too short.

Feels like a good time to bring this back 🇧🇷

"Vamos ganhar todas as taças, onde vamos guardá-las???" O pequeno Braydon fez a pergunta a Pep Guardiola há dez anos. E eles se reencontraram para a resposta final.

For people who just started with #KQL and want to learn why this is AI-slop. Some indicators are explained in the 🧵

I think AI coding hype follows roughly four stages: 1. Amazement You try it and can’t believe how much code it generates from a few prompts. 2. Expansion You start more and more projects because shipping suddenly feels cheap and fast. This is also the phase where people start convincing everyone around them: - coworkers - management - friends in other companies because nobody wants to “fall behind” in 6–12 months. That creates a massive snowball/FOMO effect. 3. The grind phase You realize the generated code has architectural issues, sloppy mistakes, weird abstractions, duplicated logic, broken edge cases, etc. So you start: - re-prompting - switching models - increasing reasoning effort - reviewing fixes - generating fixes for previous fixes And suddenly you spend your days reviewing AI-generated pull requests instead of building software. 4. Realization You realize AI coding increases output much faster than it increases certainty. The code still needs: - review - testing - ownership - architectural understanding - long-term maintenance Usually by expensive senior engineers. And the interesting thing is: this whole cycle can take many months or even more than a year because people become socially and professionally invested in the narrative themselves. Once teams, managers, and entire companies have been convinced that this is the future, it becomes psychologically and politically very hard to later say: “Actually, the ROI is much lower than we expected.”

I'm done. I'm f***ing done.

Microsoft Defender XDR Custom Detection Rules: A Complete Guide & Best Practices #DFIR detect.fyi/microsoft-defende…

PowerShell for Defenders - Finding Persistence Scripts you can use to spot various mechanisms hackers use to persist hackers-arise.com/powershell… @three_cube @_aircorridor #windows #apt

PowerShell DFIR 2026: from MemProcFS-Analyzer to KAPE-style mini-timeline andreafortuna.org/2026/05/20…

New #KQL query added for PIM security alerts. PIM security alerts can be used to identify policy violation/change. The alerts focus on identity governance, but can be a useful enrichment for your security team. github.com/Bert-JanP/Hunting…

I have a funny idea. Add fake internal DNS entries like: - honeypot01 - canarydc - edr-test-node - malwarelab to your AD environment. Not for humans, but for future LLM-driven recon agents. Basically: We're entering an era where naming things might become a defensive control 🙂

AI is not for you