Sharing our knowledge
Knowledge center
Exploring WinRM plugins for lateral movement
Detection engineering rabbit holes - parsing ASN.1 packets in KQL

FalconFriday — Using public intelligence feeds to improve detections — 0xFF22

FalconFriday — Detecting Active Directory Data Collection — 0xFF21

FalconFriday — Detecting ADCS web services abuse — 0xFF20

FalconFriday — Detecting LSASS dumping with debug privileges — 0xFF1F

Microsoft Defender for Endpoint Internals 0x03 — MDE telemetry unreliability and log augmentation

Microsoft Defender for Endpoint Internals 0x02 — Audit Settings and Telemetry

FalconFriday — Detecting UnPACing and shadowed credentials — 0xFF1E

FalconFriday — Detecting malicious modifications to Active Directory — 0xFF1D

Debugging the undebuggable and finding a CVE in Microsoft Defender for Endpoint
Together. Secure. Today.

FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.
Energieweg 3
3542 DZ Utrecht
The Netherlands
FalconForce B.V.
(+31) 85 044 93 34
KVK 76682307
BTW NL860745314B01