Maestro lets you interact with Intune/EntraID from a C2 agent w/o passwords or token manipulation, streamlining your post-exploitation tasks. Stop by Chris Thompson's demo lab this weekend while you're at #DEFCON32 & learn more. ghst.ly/3Yll3SnSn

We are happy to announce our collaboration with Division 5 in hosting our Advanced Detection Engineering in the Enterprise training in Brisbane, Australia in Feb 2025. Learn more from Olaf Hartong and JMP RSP on detection engineering. Register via: division5.io/ADEitE2025.html

.Rich Warren & Johnny Fishcake are discussing how to exploit corporate VPN clients for remote root & SYSTEM shells. Join to see live demos on Windows & macOS vulnerabilities & how attackers gain control w/ just one click. Register Free: sans.org/u/1vBt #SANSHackFest

We have good news for those who missed out on our Advanced Detection Engineering in the Enterprise training at Black Hat US. Our ADE training is coming to Black Hat Asia 2025, in Singapore! Registration is open! Information and registration: blackhat.com/asia-25/traini…

My first blog with FalconForce Official! Check it out if you want to learn a few things about Azure DevOps.

Detection Engineering is sometimes hard, and may fail. Still a lot of things can be learned by the process. In this blog I cover a lot. I had a detection, currently it's broken but MS is on it :D falconforce.nl/detection-engi…

Adding to my ETW research toolkit, a tiny program to consume information from a provider with as little overhead as possible. PockETWatcher, a tool to get the essential information from a ETW provider to the CLI or a JSON file github.com/olafhartong/Po…

Come and join us in this public version of our Advanced Detection Engineering training in the beautiful Switzerland!

Have a great start of this new year! Join our webinar with Olaf and Henri who will go in depth on how FalconForce continuously delivers high-quality detection content for #SOC teams around the world. Register now: events.teams.microsoft.com/event/70005169…

Our Advanced Detection Engineering in the Enterprise training is once again accepted for BlackHat USA! We’re excited to show all content. We walk through two realistic red team scenarios and build detections for on-prem and Azure attacks which are missed out-of-the-box.

n our latest blog, we follow Arnau (linkedin.com/in/arnauortega/) on his journey to leverage #WinRM plugins for lateral movement. A deep rabbit hole that ultimately led to a custom plugin, #BOF and a solid detection in our #FalconFriday repository 🦅falconforce.nl/exploring-winr…

We are hiring offensive specialists! We are looking for experienced professionals who deliver high-quality offensive security services to help our client's defensive teams become more resilient. Sounds like you? falconforce.nl/falconforce-of… #offensivesecurity #purpleteam #redteam

We are proud to introduce #dAWShund to the world: a framework for putting a leash on naughty AWS permissions. dAWShund helps blue and red teams find resources in #AWS, evaluate their access levels and visualize the relationships between them. falconforce.nl/dawshund-frame…

New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…

.NET GAC and NIC hijacking for lateral movement: williamknowles.io/net-gac-and-ni…

Just me exploring new undocumented Entra APIs and doing some TTD to make Device Registration Service to change some Device attributes🙂 sapirxfed.com/2025/04/28/exp…

One of the least discussed topics in detection engineering is maintenance. But why is no one talking about this? In this first blog we explore its relevance to #detectionengineering and the paradox that keeps us awake at night. Enjoy! falconforce.nl/why-is-no-one-…

Wow, very excited to delivery my first offensive talk at #BHUSA this summer

In about an hour I’ll present my talk I’m in your logs now, deceiving your analysts and blinding your EDR at #BHUSA25 Black Hat in Islander E/I. Come and hang out!

During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs. github.com/olafhartong/Ba… Slides available here: github.com/olafhartong/Pr…