FalconFriday — Masquerading; LOLBin file renaming — 0xFF0C

In today’s edition, we’ll cover a technique and a new feature in Microsoft Defender for Endpoint: PE header information.

Cross-post from medium.com; please read the full article here:

https://medium.com/falconforce/falconfriday-masquerading-lolbin-file-renaming-0xff0c-b01e0ab5a95d

Direct link to our GitHub page:

https://github.com/FalconForceTeam/FalconFriday