BARK Detections

These KQL queries are designed to find use of the abuses in the BloodHound BARK toolkit in your Azure AD tenant. These queries are not designed to detect the use of BARK itself, just the behaviour that BARK simulates. BARK is a wrapper for native Microsoft tooling, so the same abuses could be carried out with Postman, or even in the Azure portal itself.

As a defender, I recommend using this toolkit against your own Azure AD tenant and validating the queries against your own data …
