Building a Cloud SIEM Honeypot, Part 1
Azure VM exposure, Sentinel telemetry, Windows Event ID 4625, KQL detections, and real-world brute-force observations.
I'm Bat Otgonbayar, a cybersecurity practitioner focused on identity, cloud security, Microsoft 365, Sentinel, and PowerShell automation. This site is where I document hands-on labs, investigations, and lessons learned from real technical projects.
I exposed a throwaway Windows VM to the public internet, wired it into Microsoft Sentinel, and analyzed what showed up: failed logons, source IP concentration, username patterns, and one telemetry detail that challenged my assumptions.
Completed all 10 cases in Kusto Detective Agency's Call of the Cyber Duty challenge, earning the full badge set and certificate while practicing KQL investigation workflows.
Windows Server 2025, VMware Workstation Pro, host-only networking, and the foundation for a practical identity lab.
Creating 30 users, organizing OUs, and building security groups to turn the Secora lab into a more realistic identity environment.
Reusable PowerShell scripts for bulk user creation, inactive-account cleanup, ACL auditing, authentication review, secure backup auditing, and system health reporting.
I'm a detail-oriented cybersecurity practitioner with experience across identity management, access controls, Microsoft 365, endpoint support, and IT infrastructure. I like practical security projects that leave behind something useful: detections, scripts, diagrams, notes, or a repeatable process someone else can learn from.
My focus areas include Active Directory, Microsoft Entra ID, Intune, Microsoft Sentinel, Splunk, KQL, PowerShell, Azure, Okta, and security automation.