ZeroExfil Research

Notes, research, and findings on staying secure

Practical writing for organizations and individuals who want to protect themselves, plus updates from the ZeroExfil platform.

Latest

Security Monitoring April 20, 2026 8 min read

Are You Aware of Your Monitoring Gaps?

Microsoft Defender is a powerful platform, but every system operating at scale makes trade-offs about which telemetry it captures. A small experiment on what file activity actually surfaces in DeviceFileEvents, and what that means for detecting exfiltration.