Introducing: Falcon Friday

We believe there isn’t enough content available to detect advanced adversary techniques. That’s why every two weeks on “Falcon Friday”, we will release DATP/Sysmon hunting queries to detect offensive techniques.

As FalconForce, we are active in the “purple arena” — we want to practice as much defensive security as offensive security. Moreover, we want to share back to the community. Combining these two, we came up with the idea to develop hunting queries based on our offensive & defensive experience and share our “latest and greatest” hunting/alerting queries for everyone to use. We will start off with queries for Microsoft Defender ATP (DATP) & Sysmon, but might expand to other tools in the future.

Cross post from, please read the full article here: