KQL in SecOps (2) - Mastering Filtering, Projection, and Sorting
Welcome to Part 2 of our KQL in Security Operations Series. Last time, we introduced Kusto Query Language (KQL) and explored why it is critical for SOC analysts using Microsoft Sentinel. We’ll build on that foundation and dive into the fundamentals of querying data—filtering logs, selecting the right fields, and sorting results. Mastering these skills is essential for writing efficient, actionable KQL queries that power threat hunting, alert investigation, and detection
Jan 5, 4 min read


KQL in SecOps (1) - Why Every Security Analyst Must Learn KQL
What KQL is, Why it is critical for SOCs, How analysts use it daily, Common misconceptions and best practices.
Dec 22, 2025, 6 min read


AI Prompt Injection Explained: Risks, Attack Examples & 7 Defense Methods
Dec 13, 2025, 4 min read


AI and Cybersecurity: Transforming the Landscape in 2026
Explore how AI empowers both sides of the security equation, the emerging purple team collaborations that unite them, and the governance needed to keep innovation secure.
Nov 8, 2025, 4 min read


Google Dorks - Advanced Search
Explore what Google dorks are, how to use them effectively, and see real-world examples of practical use.
Oct 14, 2025, 3 min read


Essential Cybersecurity Tools and Practices: Your Guide to Staying Safe Online
This post explores the key categories of protection—VPNs, password managers, EDR solutions, SIEM systems, and security awareness training—and highlights three recommended tools or services in each category.
Sep 27, 2025, 6 min read


Understanding Scattered Spider: The New Face of Cybercrime
Scattered Spider (UNC3944) is a loosely affiliated but highly skilled cybercrime group first observed around May 2022. Known for their adaptability, they operate under multiple aliases including Octo Tempest, Muddled Libra, and 0ktapus.
At first, they specialized in SIM swapping and credential theft.
Sep 26, 2025, 4 min read


UNC6395: From GitHub to Salesforce, Inside the Supply‑Chain Breach
A compromise of Salesloft’s GitHub kicked off a supply‑chain campaign that used stolen OAuth tokens from Drift to export data at scale from Salesforce.
Sep 11, 2025, 4 min read


APT36 Explained: Transparent Tribe’s Tools, Targets & IOCs
APT36—also known as Transparent Tribe, Mythic Leopard, ProjectM, and Earth Karkaddan—is a Pakistan-based advanced persistent threat (APT) group active since at least 2013.
Sep 6, 2025, 4 min read