Post-Image

FalconFriday — Teams RCE & FireEye tools— 0xFF09

Today we have a special FalconFriday, covering two big events of the past week. First, we’ll be detailing the hunt we released earlier this week for detecting abuse of the Microsoft Teams Remote Code Execution (RCE) vulnerability. Next, we have some Kusto hunts based on the indicator repo FireEye published after they announced their breach.

Cross post from medium.com, please read the full article here:

https://medium.com/falconforce/falconfriday-teams-rce-fireeye-tools-0xff09-22f7b6363831

Direct link to our Github page:

https://github.com/FalconForceTeam/FalconFriday