diff --git a/General queries/wifikeys.txt b/General queries/wifikeys.txt
new file mode 100644
index 00000000..059636e1
--- /dev/null
+++ b/General queries/wifikeys.txt
@@ -0,0 +1,9 @@
+// List commands the exposed WIFI Keys
+// @mattiasborg82
+// blog.sec-labs.com
+DeviceProcessEvents
+| where Timestamp > ago(7d)
+| where ProcessCommandLine startswith "netsh.exe"
+| where ProcessCommandLine has "key=clear"
+| project Timestamp, DeviceName, InitiatingProcessFileName, FileName, ProcessCommandLine
+| top 100 by Timestamp
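Review bot: The filter `ProcessCommandLine startswith "netsh.exe"` only matches when the recorded command line begins with that exact text, so the query misses netsh launched as plain `netsh`, by full path, or with a quoted image name. Matching on the image name closes that gap: `| where FileName =~ "netsh.exe"`, keeping the `has "key=clear"` condition on the command line. If renamed copies of the binary are a concern, `ProcessVersionInfoOriginalFileName` could be checked as well. The header comment would read more clearly as `// Lists netsh commands that display Wi-Fi keys in clear text (key=clear)`. `top 100` silently truncates on a busy tenant, which deserves a mention in the comment.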