On January 28th, Christophe Tafani-Dereeper released the open source Stratus Red Team attack simulation tool.
TL;DR for blue teams: Attackers use named pipes to conveniently move laterally and mostly bypass detection.
In this blog we will explore the possibilities to use Microsoft Sentinel to monitor a Windows environment for the creation of public SMB shares.
During red teaming engagements we often encounter database credentials in, for example, database scripts.
TL;DR — At FalconForce we love purple teaming, meaning that we engage in both red teaming and blue teaming.
It is not a big secret that we at FalconForce work a lot with, and are big fans of, both Microsoft Defender for Endpoint (MDE) and Sysinternals Sysmon.