I wonder if there is a positive correlation between those who agree with ‘guns dont kill ppl, ppl kill ppl’ and those who agree with ‘github shouldn’t have removed the exchange poc’. Not judging, just curious...🤷🏻‍♂️

CVSS 9.9! The vulnerability we (+Ophir Harpaz 🎗️) found, CVE-2021-28476 (Hyper-V RCE), was patched today! Our research, fuzzer and vulnerability details was submitted to Black Hat and DEF CON, there is a lot to look forward to. msrc.microsoft.com/update-guide/v…

😞😞

I got my shot yesterday but I think I got the wrong one. Instead of Pfizer, I'm seeing an AstraZeneca WiFi everywhere I go :( Anybody managed to crack the handshake already and get the master password?

Stay tuned for the AD CS detection rules. FalconForce Official is currently working hard to write and test reliable detections usable in production environments. Don't forget to checkout the whitepaper by Lee Chagolla-Christensen and Will Schroeder, they've done most detection engineering already. THNX

Reverse engineering undocumented windows api’s is so frustratingly slow.😑😑 Luckily, the pot of offensive gold and the end of the rainbow is big 😈😈mwuahaha

Happy Friday everybody! This edition of #FalconFriday we focus on detection backup tampering on Azure. medium.com/falconforce/fa… #FalconForce #AzureBackup #DetectionEngineering #DFIR

Does anybody know the max number of APIs you're allowed to use in a CS BOF? I'm apparently hitting a limit, but don't know what the limit is and don't know if the limit is the number of unique APIs or total number of calls to Win32 APIs. Any help and retweet appreciated.

Putting a fake password for honey account in GPP passwords. Mwuahahah 😈

👇👇

Does anyone know what the status is of API Monitor? Is in dead? Will it ever get an update or be open sourced? I have so many usecases and/or feature requests…🤯 Cc: rohitab.com

It’s #FalconFriday and summer is here! Take a refreshing dive into our newest blog, where we will shed some light on how Certipy and Rebeus work with UnPAC-the-hash and shadowing creds, and how to detect these techniques with our free #Kusto detections. medium.com/falconforce/fa…

Does anyone have a working .NET core gadget for a deserializing vulnerability with json.net? The documented .NET framework gadgets don’t work in core. #SharingIsCaring

Hey KLM, i’m waiting for 6 months already for a claim to be handled. Don’t you think it’s about time to fix this? Already called you a few times and you keep saying ‘it’s busy’. So taking the shaming route now…

Having an implant running undetected on an edr protected machine is all cool, but detecting TAs is just ~20% about detecting their implant. Detecting the stuff they do with their implant is what matters way more. Local priv esc, cred dumping, lateral movement, etc. Just saying 🤷‍♂️

Sponsor Spotlight | FalconForce Official We would like to thank FalconForce for being a Silver Sponsor for Deadwood 2023! Check out all about their company and services here: falconforce.nl/?utm_campaign=…