FalconForce

Generic placeholder image

FalconFriday — RPC service creation & SharpRDP

By Olaf Hartong
at December 4, 2020

In today’s edition, we’ll cover two techniques: Remote service creation over RPC and SharpRDP.

Read more

Generic placeholder image

FalconFriday — Parent-child relationships & impersonation with RunAs

By Henri Hambartsumyan
at November 20, 2020

In today’s edition, we’ll cover two techniques: suspicious parent-child process relationships and impersonation with the RunAs command.

Read more

Generic placeholder image

FalconFriday — DLL hijacking & suspicious unsigned files

By Henri Hambartsumyan
at November 6, 2020

In today’s edition, we’ll cover two techniques: privilege escalation through DLL hijacking and masquerading files as unsigned processes.

Read more

Generic placeholder image

FalconFriday — DCOM & SCM Lateral Movement

By Henri Hambartsumyan
at October 23, 2020

This FalconFriday is focused on lateral movement. Especially lateral movement through DCOM, a technique used by many red teams.

Read more

Generic placeholder image

FalconFriday — Evasive LOLBINs and burning the CACTUSTORCH

By Henri Hambartsumyan
at October 9, 2020

We realized that the previous versions of FalconFriday were “too blue”.

Read more

Generic placeholder image

The curious case of Realtek and LSASS

By Henri Hambartsumyan
at October 2, 2020

Introduction I was working on building some new hunts in Microsoft Defender ATP (MDATP).

Read more

2
3
4
5
6