FalconForce

FalconFriday — Detecting realistic AWS cloud-attacks using Azure Sentinel — 0xFF1C

By Gijs Hollestelle
at February 11, 2022

On January 28th, Christophe Tafani-Dereeper released the open source Stratus Red team attack simulation tool.

FalconFriday — Suspicious named pipe events — 0xFF1B

By Olaf Hartong
at January 14, 2022

TL;DR for blue teams: Attackers use named pipes to conveniently move laterally and mostly bypass detection.

FalconFriday —Monitoring for public shares — 0xFF1A

By Jos van der Peet
at December 17, 2021

In this blog we will explore the possibilities to use Microsoft Sentinel to monitor a Windows environment for the creation of public SMB shares.

FalconFriday — Code execution through Microsoft SQL Server and Oracle Database — 0xFF19

By Jos van der Peet
at November 26, 2021

During red teaming engagements we often encounter database credentials in, for example, database scripts.

BOF2shellcode — a tutorial converting a stand-alone BOF loader into shellcode

By Gijs Hollestelle
at November 5, 2021

TL;DR — At FalconForce we love purple teaming, meaning that we engage in both red teaming and blue teaming.

Sysmon vs Microsoft Defender for Endpoint, MDE Internals 0x01

By Olaf Hartong
at October 15, 2021

It is not a big secret that we at FalconForce work a lot with, and are big fans of, both Microsoft Defender for Endpoint (MDE) and Sysinternals Sysmon.

Our blog