FalconForce

Generic placeholder image

FalconFriday — Evasive LOLBINs and burning the CACTUSTORCH

By Henri Hambartsumyan
at October 9, 2020

We realized that the previous versions of FalconFriday were “too blue”.

Read more

Generic placeholder image

The curious case of Realtek and LSASS

By Henri Hambartsumyan
at October 2, 2020

Introduction I was working on building some new hunts in Microsoft Defender ATP (MDATP).

Read more

Generic placeholder image

Why communication and management is crucial in red teaming exercises

By Givan Kolster
at September 28, 2020

Many great blogs and articles have been published around the technical aspects of offensive security services.

Read more

Generic placeholder image

FalconFriday — Process injection and malicious CPL files

By Henri Hambartsumyan
at September 25, 2020

We believe there isn’t enough content available to detect advanced adversary techniques.

Read more

Generic placeholder image

Sysmon 12.0 — EventID 24

By Olaf Hartong
at September 18, 2020

Sysmon 12 is out, with a new event ID: number 24.

Read more

Generic placeholder image

FalconFriday: Detecting suspicious code compilation and Certutil

By Olaf Hartong
at September 11, 2020

We believe there isn’t enough content available to detect advanced adversary techniques.

Read more

1
2
3
4