In today’s edition, we’ll share a method of detecting beaconing C&C traffic from large data sets of proxy traffic.

In today’s edition, we’ll cover a technique and a new feature in Microsoft Defender for Endpoint: PE header information.

Welcome to the first FalconFriday post of 2021, in this post we provide background information on detecting malicious scheduled tasks using Microsoft Defender for Endpoint, and provide a query that can be used to automatically detect certain malicious scheduled tasks.

In this year’s final FalconFriday we revisit the possibly most loved and hated feature of both attackers and defenders: MS Office macros.

Today we have a special FalconFriday, covering two big events of the past week.

In today’s edition, we’ll cover two techniques: Remote service creation over RPC and SharpRDP.