FalconForce

Generic placeholder image

FalconFriday — Parent-child relationships & impersonation with RunAs

By Henri Hambartsumyan
at November 20, 2020

In today’s edition, we’ll cover two techniques: suspicious parent-child process relationships and impersonation with the RunAs command.

Read more

Generic placeholder image

FalconFriday — DLL hijacking & suspicious unsigned files

By Henri Hambartsumyan
at November 6, 2020

In today’s edition, we’ll cover two techniques: privilege escalation through DLL hijacking and masquerading files as unsigned processes.

Read more

Generic placeholder image

FalconFriday — DCOM & SCM Lateral Movement

By Henri Hambartsumyan
at October 23, 2020

This FalconFriday is focused on lateral movement. Especially lateral movement through DCOM, a technique used by many red teams.

Read more

Generic placeholder image

FalconFriday — Evasive LOLBINs and burning the CACTUSTORCH

By Henri Hambartsumyan
at October 9, 2020

We realized that the previous versions of FalconFriday were “too blue”.

Read more

Generic placeholder image

The curious case of Realtek and LSASS

By Henri Hambartsumyan
at October 2, 2020

Introduction I was working on building some new hunts in Microsoft Defender ATP (MDATP).

Read more

Generic placeholder image

Why communication and management is crucial in red teaming exercises

By Givan Kolster
at September 28, 2020

Many great blogs and articles have been published around the technical aspects of offensive security services.

Read more

4
5
6
7
8