FalconForce

Generic placeholder image

FalconFriday — Teams RCE & FireEye tools — 0xFF09

By Henri Hambartsumyan
at December 11, 2020

Today we have a special FalconFriday, covering two big events of the past week.

Read more

Generic placeholder image

FalconFriday — RPC service creation & SharpRDP

By Olaf Hartong
at December 4, 2020

In today’s edition, we’ll cover two techniques: Remote service creation over RPC and SharpRDP.

Read more

Generic placeholder image

FalconFriday — Parent-child relationships & impersonation with RunAs

By Henri Hambartsumyan
at November 20, 2020

In today’s edition, we’ll cover two techniques: suspicious parent-child process relationships and impersonation with the RunAs command.

Read more

Generic placeholder image

FalconFriday — DLL hijacking & suspicious unsigned files

By Henri Hambartsumyan
at November 6, 2020

In today’s edition, we’ll cover two techniques: privilege escalation through DLL hijacking and masquerading files as unsigned processes.

Read more

Generic placeholder image

FalconFriday — DCOM & SCM Lateral Movement

By Henri Hambartsumyan
at October 23, 2020

This FalconFriday is focused on lateral movement. Especially lateral movement through DCOM, a technique used by many red teams.

Read more

Generic placeholder image

FalconFriday — Evasive LOLBINs and burning the CACTUSTORCH

By Henri Hambartsumyan
at October 9, 2020

We realized that the previous versions of FalconFriday were “too blue”.

Read more

5
6
7
8
9