Bluewall
-
Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc
-
I've been building out M365 security tooling as a solo IT/Sec engineer and figured it's time to share it publicly
https://github.com/Bluewal/m365-intune-scripts
What's in there:
• Audit-before-block scripts (legacy auth, device code flow, shared mailboxes, admin accounts)
• Conditional Access policy templates (country blocking, device code flow block)
• Defender XDR threat response (axios supply chain attack IOC scan)
Everything is battle-tested in production on a real tenant. Feedback and PRs welcome.
-
After more runs than I can count in under 24h, I can say it without hesitation: Vampire Crawlers is my GOTY 2026 so far.
Stunning visuals with an excellent use of HDR, an OST that stays in your head, card combos that make you feel like you're breaking the game every single run… and a progression system that always pulls you back for one more.
Poncle did it again. Best 10$ spent this year.
#VampireCrawlers #VampireSurvivors #Gaming #GOTY2026 #Roguelite #Deckbuilder
-
🔐 Just shipped a fix for the April 2026 Windows update (KB5083769) that flags unsigned RDP files as "Unknown Publisher".
If you manage RDP shortcuts via Intune and your users are suddenly seeing red security warnings — here's a complete solution:
✅ Self-signed code signing cert (no PKI required)
✅ rdpsign.exe signing workflow
✅ Intune Win32 package (install + uninstall scripts)
✅ Trusted Certificate profile + Settings Catalog policies
✅ Versioned detection rule for clean updates
✅ Supersedence pattern for migrating from unsigned deployments
Tested in production on a real M365 Business Premium environment.
🔗 github.com/Bluewal/m365-intune-scripts/tree/main/intune/rdp-signing
#Intune #Microsoft365 #RDP #BlueTeam #WindowsSecurity #MicrosoftDefender
-
🔍 Audit before you block — 3 new PowerShell scripts for M365 Business Premium:
→ Shared mailbox sign-in & license audit
→ Admin account MFA & stale account audit
→ Legacy auth protocol usage audit
All via Microsoft Graph. Run them before deploying your CA policies — no surprises in prod.
🔗 github.com/Bluewal/m365-intune-scripts
-
🔒 Blocking Device Code Flow in M365, full mini-toolkit now on GitHub:
1️⃣ Audit script => verify zero legitimate usage before blocking (all 4 Entra sign-in log types)
2️⃣ CA policy JSON => ready to import, just replace your break-glass group ID
🔗 https://github.com/Bluewal/m365-intune-scripts/tree/main/entra/device-code-flow
#infosec #Microsoft365 #EntraID #ConditionalAccess #BlueTeam #PowerShell
-
Am I part of the cool kids now? #bag #r4 #NintendoDS
-
What an album! #NicolasJaar never disappoints! So many layers, so many textures. It's REALLY good. #Music