On June 17th Will and Lee over at SpecterOps have published their impressive and detailed research into Microsoft Active Directory Certificate Server (AD CS)(mis)configurations in a blog and whitepaper.

After a few missed editions of FalconFriday, we are back! Today, we will cover some detections specifically for attacks related to AzureAD.

In this FalconFriday, we have two queries that allow you to detect password spraying attacks.

The Sysinternals team has released a new version of Sysmon. This brings the version number to 13.

In this edition of FalconFriday, we are going to revisit process injection techniques.

Today’s blog is based on Olaf Hartong’s recent research on malware behavior at scale.