PaleSkinnySwede/ThreatHunter-Chronicles

ThreatHunter Chronicles

👋🏻 Hey there — I’m David, a cybersecurity and threat hunting nerd with a passion for parsing chaos into clarity. I’m proud to be a Microsoft MVP in Security (SIEM & XDR), and I use this blog as my digital outpost for sharing what I’ve learned (and what I’m still figuring out) when it comes to threat detection, log investigation, and data parsing in modern SOC environments.

Whether it's exploring the weird edge cases of KQL, reverse-engineering beaconing patterns, or just having a bit of fun with SIEM-ingly useless detections, this is where it all gets documented — clearly, practically, and sometimes with a touch of humor.

🧠 What to expect here:

  • Deep dives into Microsoft Sentinel, Defender XDR, and related tools
  • Tips, tricks, and cheat sheets for KQL, Log Analytics, and detection building
  • Thought experiments, proof-of-concepts, and the occasional meme query
  • Blog series like Logwatcher's Zenit, Dirty Bits, and the fun-loving KQLture Club

📝 I believe cybersecurity knowledge should be shared, not hoarded. So if you’re into signal over noise, meaningful detection engineering, or just enjoy nerding out over log data — you’re in the right place.

📧 Feel free to reach out, comment, or just lurk quietly in the background. We’ve all got logs to hunt and coffee to drink.

🗂️ This repository contains all the code that I've published on the ThreatHunter Chronicles blog. Use the code examples at your own risk; they come with no guarantee of any kind.

🌍 URL to the blog: https://threathunter-chronicles.medium.com/

🪵 Logs don't lie.
