FalconForce

FalconFriday — Code execution through Microsoft SQL Server and Oracle Database — 0xFF19

By Jos van der Peet
at November 26, 2021

During red teaming engagements we often encounter database credentials in, for example, database scripts.

BOF2shellcode — a tutorial converting a stand-alone BOF loader into shellcode

By Gijs Hollestelle
at November 5, 2021

TL;DR — At FalconForce we love purple teaming, meaning that we engage in both red teaming and blue teaming.

Sysmon vs Microsoft Defender for Endpoint, MDE Internals 0x01

By Olaf Hartong
at October 15, 2021

It is not a big secret that we at FalconForce work a lot with, and are big fans of, both Microsoft Defender for Endpoint (MDE) and Sysinternals Sysmon.

FalconFriday — Stealing and detecting Azure PRT cookies — 0xFF18

By Henri Hambartsumyan
at October 1, 2021

TL;DR: There is a lot of great research available on how to obtain an Azure Primary Refresh Token (PRT) cookie, post-exploitation.

FalconFriday — Detecting ASR Bypasses — 0xFF17

By Henri Hambartsumyan
at September 10, 2021

Today’s blog is about detection of a bypass for the ASR rule “Block Office applications from creating executable content”.

FalconFriday — Detecting UAC Bypasses — 0xFF16

By Gijs Hollestelle
at August 20, 2021

Attackers often require full administrative privileges on a machine to be able to use their full attack capabilities.

Our blog