Hunting For Dead Azure Machines

TLDR: Decom your test machines properly! Hashes are still useful after the machine is gone.

Background

Decided to write this up as a post because I found it mildly interesting and something I haven't seen yet in the Blue Team world!

New Toys are fun

I have been learning the ins and outs of Sentinel for the past few weeks and, after getting fed up with writing KQL alarms, decided to use it to hunt some bots online. Fastest way to find bots online: spin up a Windows VM in Azure and set all ports to be open. 20,266 logins in 12 hours! Should be enough to get started. ...

January 19, 2022 · 3 min · Tom Kinnaird