https://0xdarknighthacks.ayedialaa.org/Personal Blog documenting my Hacking Journey: CTF writeups, tool notes, Hacking methodology and mindset, exploits and red team tactics. 2026-05-09T17:57:30+01:00 Alaa Eddine Ayedi https://0xdarknighthacks.ayedialaa.org/ Jekyll © 2026 Alaa Eddine Ayedi /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-05-09T00:00:00+01:00 2026-05-09T00:00:00+01:00 https://0xdarknighthacks.ayedialaa.org/posts/MDI-Deep-Dive-Part3/ Alaa Eddine Ayedi

Microsoft Defender for Identity Deep Dive — Part 3: XDR Investigation, Hunting, and Response In Part 1, we treated Microsoft Defender for Identity as an identity telemetry engine. In Part 2, we looked at how MDI detections actually work: deterministic detections, behavioral baselines, thresholds, false positives, and detection limits. Now we move to the part that matters most in production: ...

2026-04-08T00:00:00+01:00 2026-04-08T00:00:00+01:00 https://0xdarknighthacks.ayedialaa.org/posts/MDI-Deep-Dive-Part2/ Alaa Eddine Ayedi

Microsoft Defender for Identity Deep Dive — Part 2: Detection Logic, Baselines, and Limits In Part 1, we looked at Microsoft Defender for Identity from an architectural perspective. The main point was simple: MDI is not just an AD alerting tool. It is the on-premises and hybrid identity signal engine inside Microsoft Defender XDR. That distinction matters even more when we start talking...

2026-04-01T00:00:00+01:00 2026-05-09T14:29:55+01:00 https://0xdarknighthacks.ayedialaa.org/posts/MDI-Deep-Dive-Part1/ Alaa Eddine Ayedi

Microsoft Defender for Identity Deep Dive — Part 1: Architecture, Sensors, and Identity Telemetry Microsoft Defender for Identity is often introduced as a tool that detects attacks against Active Directory. That description is not wrong, but it is incomplete. In real Microsoft Defender XDR environments, MDI should be understood as the on-premises and hybrid identity signal engine. Its job is...

2026-02-04T00:00:00+01:00 2026-02-04T00:00:00+01:00 https://0xdarknighthacks.ayedialaa.org/posts/active-directory-domains-and-trusts/ Alaa Eddine Ayedi

AD Domains and Trusts Active Directory (AD) domains are logical groupings of users, computers, and other network resources that simplify management and improve security within an organization. These domains act as containers, organizing resources based on policies, permissions, and administrative boundaries. Trusts are connections established between different domains, enabling them to commun...

2026-02-03T00:00:00+01:00 2026-02-04T12:41:22+01:00 https://0xdarknighthacks.ayedialaa.org/posts/DNS-server-security-using-DNSSEC/ Alaa Eddine Ayedi

Introduction DNS is a foundational service in any Windows-based infrastructure, but by design it does not provide authentication or integrity protection. This makes it vulnerable to attacks such as DNS spoofing, cache poisoning, and man-in-the-middle manipulation. DNS Security Extensions (DNSSEC) address these weaknesses by allowing DNS responses to be cryptographically validated, ensuring th...