Join @olafhartong in his journey down the rabbit hole in search of new detection opportunities in the #Zeek telemetry embedded in Microsoft's EDR #MDE! Detection engineering is sometimes hard … 😎
https://t.co/uBOYsFFD24
#detectionengineering#kql#blueteam
Upcoming FalconForce Sentry Detect webinar! Register now: https://t.co/yOEjpd1S5W Join us on Wednesday 22 January 2025, 16:00h CET, to get actionable insights on how we deliver and maintain high-fidelity bespoke detection content. Facilitated by @olafhartong and @0xffhh
We are happy to announce our collaboration with @Division5io in hosting our Advanced Detection Engineering in the Enterprise training in Brisbane, Australia in Feb 2025. Learn more from @olafhartong and @0xffhh on detection engineering. Register via: https://t.co/Esy9EDpM6K
In two weeks, the 36th annual #FIRST Conference 2024 is held in Fukuoka, Japan. @olafhartong will present on attack path based detection engineering. When you're in the area, please come over and join us. More information: https://t.co/7CWeOpaVV7
We are proud to finally share some great research by Arnau Ortega on a 1-click #Azure tenant takeover attack. You can read all about it in our latest blog post. It explains how we could take over any Azure tenant; just by clicking one legitimate link 😨
https://t.co/WHMNJpPC7B
We are thrilled to publish SOAPHound: a custom-developed data collector tool to enumerate Active Directory environments via the ADWS-protocol. Enjoy!
https://t.co/xO0Jv9ONNd
We learned from the security community that a lot of defenders struggle with adopting #BloodHoud data into their workflow. That’s why we have developed #FalconHound. Read more about it and how to use it in your environment in our latest blog post.
https://t.co/5gPtqy89VQ
It was inspiring to see so many security enthusiasts and professionals come together. We are also happy to have received great feedback on our detection engineering training at #blackhat2023. FalconForce also volunteered in the Blue Team Village at #defcon31. See you next year!
We welcome Nikolas Mantas (https://t.co/hlDtXatINR) to the @falconforceteam as purple teaming specialist! Nikolas has a passion for detection engineering and combines that with his experience as incident responder and firefighter 👨🚒. We are proud to have you with us!
Introducing the Living Off The Land Drivers (LOLDrivers) project, a crucial resource that consolidates vulnerable and malicious drivers in one place to streamline research and analysis.
https://t.co/hORF6hMqEr
LOLDrivers enhances awareness of driver-related security risks and empowers organizations to mitigate these risks, improving their overall cybersecurity posture. By fostering collaboration and knowledge sharing within the cybersecurity community, LOLDrivers, along with sister projects like LOLBAS and GTFOBins, paves the way for a safer and more secure digital landscape.
Read our release blog to learn all about the project and how to contribute
https://t.co/Fl2ywkXNuM
Huge shoutouts to @_josehelps , @bohops , @nas_bench , @cyb3rops and @mattnotmax for their invaluable contributions and unwavering support in bringing the LOLDrivers project to fruition. As we celebrate this milestone, we now invite the broader cybersecurity community to join us in this endeavor. Together, we can continue to enhance the project and share knowledge. Thank you once again to our amazing team, and let's keep the momentum going!
We are looking for experienced #detectionengineers who dare to ask the hard questions and want to shape the future of modern threat detection! Sounds like you? Check out our website: https://t.co/8PPzTAl6Ig and reach out!
Public intelligence datasets can be great to improve your detections. In this #FalconFriday blog, we look into how these public feeds can be added to Sentinel watchlists and kept up-to-date with Azure Logic Apps. Enjoy!
https://t.co/Ai9f8QiJHj
We welcome Theo Raedschelders (https://t.co/wRti8jizxd) to the FalconForce team as purple teaming specialist! Theo, with an impressive career in mathematics and academic research, and a big 💜 for security, we are proud to have you with us!
The next edition of my MDE-internals blog series has just been published on our blog. This edition dives into the telemetry and some of the audit settings that might currently cause you some blind spots.
https://t.co/CNifn4eHs6
#MDE#DetectionEngineering#FalconForce
The new FalconFriday is out and focuses on detecting attacks that abuse malicious modifications to Active Directory, for example, in relaying attacks. Our detections give you a head start in identifying known and unknown attacks that rely on these changes!
https://t.co/cFZ2HPa3kh