BEC Checker
Investigating a suspected Business Email Compromise? Enter the account's email address (UPN) and, as your investigation progresses, add the suspicious IPs you find — every hunt query below updates live and narrows to those IPs. Pick your hunting platform — Microsoft Defender XDR (Advanced Hunting, Timestamp) or Microsoft Sentinel (Log Analytics, TimeGenerated) — and the queries rewrite themselves with the right table and column names. It covers access-origin triage, mail objectives, OAuth consent phishing, and attacker device-code / device & MFA registration persistence; the portal steps cover what KQL can't reach. Nothing is sent anywhere — this all runs in your browser. Powered by the SudoTrace BEC module.