The Sysinternals team has released a new version of Sysmon. This brings the version number to 13.

In this edition of FalconFriday, we are going to revisit process injection techniques.

Today’s blog is based on Olaf Hartong’s recent research on malware behavior at scale.

In today’s edition, we’ll share a method of detecting beaconing C&C traffic from large data sets of proxy traffic.

In today’s edition, we’ll cover a technique and a new feature in Microsoft Defender for Endpoint: PE header information.

Welcome to the first FalconFriday post of 2021, in this post we provide background information on detecting malicious scheduled tasks using Microsoft Defender for Endpoint, and provide a query that can be used to automatically detect certain malicious scheduled tasks.