
FalconForce

@falconforce.nl

Building a resilient digital society through highly specialised digital security consulting.

Joined: 11.11.2024

Latest posts by FalconForce @falconforce.nl


We had a great time at @wildwesthackinfest.bsky.social @ Mile High 2026.
@olafhartong.nl was on stage sharing about his follow-up research. EDRs can be fooled by tampering with the data they rely on. If we can't trust our logs, how do we deal with that?

We look forward to the next edition of #WWHF!

06.03.2026 09:41

Did you know that there is a very attractive rate for students?

06.03.2026 07:47

FalconForce is proud to be part of SpecterOps' SO-CON conference in April.

And this year, there’s not one but two FalconForce talks at #SOCON!

More information and registration: specterops.io/so-con/

09.02.2026 12:14

SOC analysts spend lots of valuable time on collecting more information, before being able to make decisions.

Want to know more? Join our waitlist (falconforce.nl/services/blu...) and request a demo today.

13.02.2026 14:36

In a few weeks, we will be in Lausanne, Switzerland, for our 3-day workshop Advanced Detection Engineering in the Enterprise at @1ns0mn1h4ck.bsky.social. Get your tickets now: insomnihack.ch/workshops/ad...

23.02.2026 14:05

At FalconForce, we are always looking to enhance our detection engineering practices. In our latest #FalconFriday blog, we present the applied research that was done and our observations on near-real-time (NRT) analytic rules in practice: falconforce.nl/falconfriday...

06.02.2026 12:59

The Insomni'hack (@1ns0mn1h4ck.bsky.social) cyber security conference takes place in Switzerland from March 16-20. We will once more facilitate our 3-day workshop Advanced Detection Engineering in the Enterprise.

Visit insomnihack.ch/workshops/ad... for more details and to secure your ticket.

12.01.2026 16:47

FalconForce returns to @nsec.io in Montreal with our 3-day Advanced Detection Engineering workshop! The NorthSec security conference takes place in Montreal, Canada from May 11-17.

More information and registration: nsec.io/training/202...

30.01.2026 15:34

During a cyber-attack (or red teaming exercise), SOC teams often struggle to detect the ‘right’ things.
With Sentry Detect we help you identify which critical adversary techniques your current out-of-the-box detections miss. More information: falconforce.nl/services/blu...

26.01.2026 09:38

We’re happy to join #WWHF once more. @olafhartong.nl has prepared a talk on some great #EDR (follow up) research he has been working on: “I’m In Your Logs Again; Spoofing and Causing Chaos”. Join him in-person or online on February 13!

Registration: wildwesthackinfest.com

19.01.2026 14:45

FalconForce is a proud sponsor of the Yellowhat cyber security conference on January 13, 2026.

@olafhartong.nl is co-presenting the talk “Inside MDE Telemetry: The Why, The How, and What’s Next”.

Visit yellowhat.live for event registration. Live Stream is available.

09.01.2026 15:14

Happy New Year! 2026 has started and we are eager to share with you our ambitions for this brand-new year. 2026 is going to be very interesting and we are super excited! Sentry Respond We will launch...

Happy New Year! 2026 has started and we are eager to share with you our ambitions for this brand-new year.

Read the full post: www.linkedin.com/feed/update/...

05.01.2026 14:38

FalconForce is proud to be part of #SpecterOps’ SO-CON conference in April 2026. Marat will present a talk on abusing misconfigurations in #CyberArk to get high privileges: “4 Get requests = 3 Domain admins: CyberArk magic you didn’t know about”.

Tickets and registration: specterops.io/so-con/

23.12.2025 13:27

FalconForce’s Agapios brings you an early Christmas present🎁: the second blog in #detectionengineering maintenance. Learn all about how data science can boost your detection maintenance … and keep you from herding sheep. Enjoy the read and happy holidays🎄

falconforce.nl/how-data-sci...

12.12.2025 11:16

The sold-out #BSidesAmsterdam event, where 200+ information security enthusiasts joined, was a great day full of inspiring talks.

It brought brilliant minds together and created an atmosphere where new ideas could flow and people went home inspired. See you next year!

24.11.2025 09:26

GitHub - FalconForceTeam/TelemetryCollectionManager: Manage and maintain Defender XDR custom collection configuration

👉 Try our latest tool called Telemetry Collection Manager for easy deployment and maintenance of this new Custom Collection feature: github.com/FalconForceT...

20.11.2025 13:10

Microsoft recently published a new feature for Defender for Endpoint (#MDE) called Custom Collection.

@olafhartong.nl explains what Custom Collection is and how it works in his blog: falconforce.nl/microsoft-de...

20.11.2025 13:10

The Oesterreichische Nationalbank hosted this year’s TIBER-EU Provider Conference called T-REX (TIBER/TLPT Resilience Exchange). It was nice to see so many familiar faces at the TIBER-EU event in Vienna.

#redteaming #TLPT #TIBER #TIBEREU

18.11.2025 15:06

We believe that community-driven events where people share knowledge about information security are crucial. If we can combine that with an intimate atmosphere, we have a winner!

That’s why we have decided to sponsor BSides Amsterdam. www.bsidesams.org

12.11.2025 09:51

@olafhartong.nl presented his research at #KustoCon on using #Kusto and Kusto Graph for something magical. Olaf investigated if it was possible to do the same thing as #BloodHound, but then only using Kusto Graph. He showcased the need for attack path management.

Slides: github.com/olafhartong/...

11.11.2025 14:25

GitHub - FalconForceTeam/FalconFriday: Hunting queries and detections

💡FalconForce has invested its offensive security knowledge and applied R&D into creating high-fidelity detection content; to detect threats that are in the blind spots of many organizations.

👉 Try it for yourself on GitHub: github.com/FalconForceT...

#SOC #kusto #detectionengineering #falconfriday

07.11.2025 09:12

Webinar Sentry Detect - FalconForce: In this webcast, we will take a deep-dive into the inner workings of how we deliver and maintain high-fidelity custom detection content.

#SOCs around the world are responsible for keeping the organizations resilient against cyber attacks.

Our solution "Sentry Detect" is an ideal companion for all SOCs using Microsoft Security products. You can learn more about it: falconforce.nl/webinar-sent...

20.10.2025 07:26

Slides can be found here: github.com/olafhartong/...

29.09.2025 08:29

Last Friday, at BruCON 0X11, @olafhartong.nl showcased his research on how defensive tooling (#EDR) can provide attackers with opportunities for deception and disruption. Trusting your tooling blindly can be a mistake. You need to make sure you can rely on your security data.

29.09.2025 08:28

FalconFriday/0xFF-0508-Excessive_enumeration_of_policy_effective_permissions-AWS at main · FalconForceTeam/FalconFriday: Hunting queries and detections

The enumeration actually leaves specific footprints that can be picked up by defenders.

A complimentary detection is available in our FalconFriday GitHub: github.com/FalconForceT...

19.09.2025 12:14

After our “AWS enumeration for purple teams” workshop at OrangeCon, we take a next step. In our #FalconFriday blog (falconforce.nl/falconfriday...) Nikolas explains how to catch threat actors that are harvesting information about your AWS policies.

19.09.2025 12:14

BruCON 0X11 is just a few days away. @olafhartong.nl will present his talk “# I’m in your logs now, deceiving your analysts and blinding your EDR” on Friday Sept 26. Olaf will show how defensive tooling (EDRs) can provide attackers with opportunities for deception and disruption.

17.09.2025 11:31