Sharing our knowledge
Knowledge center
Exploring WinRM plugins for lateral movement
[dsm_breadcrumbs show_home_icon="off" separator_icon="K||divi||400" admin_label="Supreme Breadcrumbs" _builder_version="4.18.0" _module_preset="default" items_font="||||||||" items_text_color="rgba(255,255,255,0.6)" custom_css_main_element="color:...
Detection engineering rabbit holes - parsing ASN.1 packets in KQL
[dsm_breadcrumbs show_home_icon="off" separator_icon="K||divi||400" admin_label="Supreme Breadcrumbs" _builder_version="4.18.0" _module_preset="default" items_font="||||||||" items_text_color="rgba(255,255,255,0.6)" custom_css_main_element="color:...
FalconFriday — Using public intelligence feeds to improve detections — 0xFF22
FalconFriday — Detecting Active Directory Data Collection — 0xFF21
FalconFriday — Detecting ADCS web services abuse — 0xFF20
FalconFriday — Detecting LSASS dumping with debug privileges — 0xFF1F
Microsoft Defender for Endpoint Internals 0x03 — MDE telemetry unreliability and log augmentation
Microsoft Defender for Endpoint Internals 0x02 — Audit Settings and Telemetry
FalconFriday — Detecting UnPACing and shadowed credentials—0xFF1E
FalconFriday — Detecting malicious modifications to Active Directory — 0xFF1D
Debugging the undebuggable and finding a CVE in Microsoft Defender for Endpoint
No results found.
Together. Secure. Today.
Stay in the loop and sign up to our newsletter
FalconForce realizes ambitions by working closely with its customers in a methodical manner, improving their security in the digital domain.
Energieweg 3
3542 DZ Utrecht
The Netherlands
FalconForce B.V.
[email protected]
(+31) 85 044 93 34
KVK 76682307
BTW NL860745314B01