Sign in Get started

Tagged in

Defender For Endpoint

FalconForce

A team of highly specialized security professionals

More information

Followers

686

Elsewhere

More, on Medium

Defender For Endpoint

Olaf Hartong in FalconForce

Microsoft Defender for Endpoint Internals 0x05 — Telemetry for sensitive actions

Olaf Hartong in FalconForce

Microsoft Defender for Endpoint Internals 0x04 — Timeline telemetry

Henri Hambartsumyan in FalconForce

FalconFriday — Detecting ADCS web services abuse — 0xFF20

Olaf Hartong in FalconForce

FalconFriday — Detecting LSASS dumping with debug privileges — 0xFF1F

Credential dumping from Local…

Olaf Hartong in FalconForce

Microsoft Defender for Endpoint Internals 0x03 — MDE telemetry unreliability and log augmentation

Olaf Hartong in FalconForce

FalconFriday — Suspicious named pipe events — 0xFF1B

Olaf Hartong in FalconForce

Sysmon vs Microsoft Defender for Endpoint, MDE Internals 0x01

Henri Hambartsumyan in FalconForce

FalconFriday — Detecting ASR Bypasses — 0xFF17

TL;DR: Today’s blog is about detection of a bypass for the ASR rule “Block…

Gijs Hollestelle in FalconForce

FalconFriday — Detecting UAC Bypasses — 0xFF16

Attackers often require full administrative privileges on a machine to be able…

Henri Hambartsumyan in FalconForce

FalconFriday — DLL hijacking & suspicious unsigned files 0xFF06