Microsoft Defender
Lessons from the field. Always landing on my feet.
Copy Fail in the Cloud: A Defender, Sentinel, and AKS Response Guide for CVE-2026-31431
A Linux local privilege escalation bug is easy to dismiss if you only think in traditional server terms. An attacker already needs local access, so how bad can it be? In cloud environments, that assumption breaks fast. A compromised container, a β¦
Agent 365 Launch Playbook: I Tested the Defender Response for AI Agent Attacks
Microsoft announced that Agent 365 would become generally available on May 1, 2026. Most launch-week posts explain what it is. I wanted to answer a different question: What does an AI agent attack look like in a real Microsoft defender stack as Agent β¦
Scan Every Blob, Trace Every Read: Defender for Storage + Sentinel
Storage is where malware waits. A blob uploaded to ingest/ by a pipeline step, a partnerβs SFTP connector, or a misconfigured Logic App sits quietly until something downstream opens it β a Data Factory copy, a Function app, a Synapse notebook, a β¦
AKS Runtime Security: Binary Drift, Anti-Malware & Gated Deployment with Defender for Cloud
In December, I published a post on securing the container supply chain β SBOM generation, image signing, and build provenance with GitHub Actions. That covered build-time security: making sure the image you ship is the image you built. But what β¦