Organisations store heaps of data that is important to their business processes or can be considered intellectual property.
Our blog

Direct system calls are a popular technique used by attackers to bypass certain EDR solutions.

Sometimes, simple queries can be quite effective. One example is a rule we recently developed to detect processes that start without SYSTEM privileges but spawn child processes that do have SYSTEM privileges.

On June 17th, Will and Lee over at SpecterOps published their impressive and detailed research into Microsoft Active Directory Certificate Server (AD CS) (mis)configurations in a blog post and whitepaper.

After a few missed editions of FalconFriday, we are back! Today, we will cover some detections specifically for attacks related to AzureAD.

In this FalconFriday, we have two queries that allow you to detect password spraying attacks.