The Sysinternals team has released a new version of Sysmon. This brings the version number to 13.
In this edition of FalconFriday, we are going to revisit process injection techniques.
In today’s edition, we’ll share a method of detecting beaconing C&C traffic from large data sets of proxy traffic.
In today’s edition, we’ll cover a technique and a new feature in Microsoft Defender for Endpoint: PE header information.
Welcome to the first FalconFriday post of 2021. In this post we provide background information on detecting malicious scheduled tasks using Microsoft Defender for Endpoint, and provide a query that can be used to automatically detect certain malicious scheduled tasks.