KDA: Echoes of Deception - Case 4
Someone hacked Digitown's municipality and stole classified documents. 45 million rows of router traffic, an IP lookup table, and KQL's anomaly detection to find who did it.
20 stolen cars with swapped license plates - using KQL to trace VIN changes through traffic data and find the common storage location.
Digitown's citizens are being targeted by phishing calls. Using KQL, I analyze call patterns - duration, hidden caller IDs, and disconnect behavior - to unmask the phisher.
Digitown's utility bills doubled overnight. Using KQL and the EXPLAIN feature, I dig through billing data to find duplicate charges and negative consumption.
A walkthrough of the Kusto Detective Agency UI and the onboarding challenge - finding which detective earned the most bounty money in 2022.
I have a soft spot for Kusto. This series walks through the Kusto Detective Agency challenges - data mysteries you solve with KQL instead of a magnifying glass.
A utility script for deploying schema changes without a maintenance window - using a time-based loop, lock checking, and GOTO to minimize blocking on busy SQL Servers.
Create an Extended Events session with just a filename and the .xel file lands somewhere - but where? Here's what the default path is and how to change it.
My daughter's LEGO game makes you re-enter every cheat on a clunky six-dial lock. So I built a TSQL solver to find the shortest path through all of them.
I keep relearning how to set up secure cross-database access, so here's the reminder: a diagram plus a full follow-along example you can run yourself.
Ever struggled to match the binary hash from DMVs and Query Store against the numeric one in Extended Events? Let's fix that for good.
Last time we cheated. This time we actually play: a set-based scoring engine in TSQL, duplicate letters and all.
Your Twitter feed is probably already full of Wordle posts, so why not one more? Let's start the series the lazy way: by cheating.
One query against sys.messages can reveal every edge case SQL Server knows about before you commit to a new design.
Production errors are hard to reproduce. Here's my go-to Extended Events session that captures errors with their full TSQL calling stack.
Believe it or not, there is a wrong way and a correct way when it comes to generating XML documents in SQL.