This FalconFriday is focused on lateral movement. Especially lateral movement through DCOM, a technique used by many red teams.

We realized that the previous versions of FalconFriday were “too blue”.

Introduction I was working on building some new hunts in Microsoft Defender ATP (MDATP).

Many great blogs and articles have been published around the technical aspects of offensive security services.

We believe there isn’t enough content available to detect advanced adversary techniques.

Sysmon 12 is out, with a new event ID: number 24.