FalconFriday — Evasive LOLBINs and burning the CACTUSTORCH

We realized that the previous versions of FalconFriday were “too blue”. Starting with this part, we will also cover each rule from a Red perspective and provide some blind spots to abuse. Today’s content:

-> Hunting renamed LOLBINs that try to evade detection.
-> Detecting CACTUSTORCH and similar DotNetToJS techniques.

Cross post from, please read the full article here:

Direct link to our GitHub page: