The Azure Lab Diaries - Hunting Common File Transfer Activity

In this blog, we explore how to detect and investigate file transfer activity, including FTP uploads and downloads, Impacket SMB interactions, and LOLBin abuse, with a focus on MDE telemetry.
Ready to move beyond just reading about cybersecurity and actually start building your skills? In this hands-on guide, you’ll learn how to set up your own attack and defense lab using Azure Arc, without draining your wallet. We’ll walk through connecting your on-prem Active Directory to the cloud and deploying Microsoft Sentinel to monitor key security and Sysmon logs. It’s a practical, hybrid environment where you’ll gain real-world experience. Let’s get to work.