In this edition of FalconFriday, we are going to revisit process injection techniques.
Our blog
In today’s edition, we’ll share a method of detecting beaconing C&C traffic from large data sets of proxy traffic.
In today’s edition, we’ll cover a technique and a new feature in Microsoft Defender for Endpoint: PE header information.
Welcome to the first FalconFriday post of 2021. In this post, we provide background information on detecting malicious scheduled tasks using Microsoft Defender for Endpoint, along with a query that can be used to automatically detect certain malicious scheduled tasks.
In this year’s final FalconFriday, we revisit possibly the most loved and hated feature among both attackers and defenders: MS Office macros.