FalconForce

The sold-out #BSidesAmsterdam event, where over 200 information security enthusiasts joined, was a great day full of inspiring talks. Such a nice ambiance at PONG - House of Ping! BSides Amsterdam brought brilliant minds together and created an atmosphere where new ideas could flow and people went home inspired. As the sponsor of this event, we consider BSides Amsterdam a great success. See you next year!

Microsoft recently published a new feature for Defender for Endpoint (#MDE) called Custom Collection. At FalconForce, we've had the great privilege over the last year to work with the development team as a design partner, testing this feature and providing feedback. Custom Collection, in short, is what the name implies: it's an MDE feature that lets users define a custom set of rules to be collected alongside regular MDE telemetry. ⛄️ Olaf Hartong explains what Custom Collection is and how it work in his blog: https://lnkd.in/eDhjWzJH 👉 Try our latest tool called Telemetry Collection Manager for easy deployment and maintenance of this new Custom Collection feature: https://lnkd.in/eUVQMMak

The Oesterreichische Nationalbank hosted this year’s TIBER-EU Provider Conference called T-REX (TIBER/TLPT Resilience Exchange). It was nice to see so many familiar faces at the TIBER-EU event in Vienna. Sharing knowledge within this community is very important to us. FalconForce has been performing TLPT/TIBER exercises since the start. Being able to mimic real-life cyber attackers with the right level of sophistication is critical to test the financial sector against the threats they are faced with every day. Learn more about how we can help you expose security gaps, detect advanced threats and respond accurately at https://falconforce.nl #redteaming #TLPT #TIBER #TIBEREU

We believe that community-driven events where people share knowledge about information security are crucial. If we can combine that with an intimate atmosphere that encourages collaboration, we have a winner! That’s why we have decided to sponsor BSides Amsterdam. After a few years of absence, #BSidesAmsterdam is back! We look forward to meeting many security professionals on 20 November 2025. Special thanks to the BSides Amsterdam organising team: Alexandra Charikova, Hugo van den Toorn, Joey Dreijer, Korstiaan S., Marina Bochenkova, Paul Moreno and Roald Nefs. More information: https://www.bsidesams.org

We believe that community-driven events where people share knowledge about information security are crucial. If we can combine that with an intimate atmosphere that encourages collaboration, we have a winner! That’s why we have decided to sponsor BSides Amsterdam. After a few years of absence, #BSidesAmsterdam is back! We look forward to meeting many security professionals on 20 November 2025. Special thanks to the BSides Amsterdam organising team: Alexandra Charikova, Hugo van den Toorn, Joey Dreijer, Korstiaan S., Marina Bochenkova, Paul Moreno and Roald Nefs. More information: https://www.bsidesams.org

We had a great time at #KustoCon last week, meeting many #Kusto enthusiastic professionals inside and outside the security field. ⛄️ Olaf Hartong presented his research on using Kusto and Kusto Graph for something magical. Normally, attackers and security professionals often use tooling like SpecterOps’ #BloodHound to identify attack and escalation paths in a Microsoft environment. Olaf investigated if it was possible to do the same thing, but then only using Kusto Graph. The research revealed new possibilities for defenders, but also for attackers, showcasing the need for attack path management. You can find the slides presented here: https://lnkd.in/eCWnZfHC We hope this research inspires more people to explore beyond what we already know today!

At FalconForce, we have the pleasure to work with Fortune 500 clients to expose their security gaps, help them detect advanced threats and ensure an accurate response. We see that many organizations (Fortune 500 or not) struggle to find enough skilled people for their cyber defense teams. Therefore, these understaffed teams carry a heavy burden and are often left without the time to create and maintain robust detections. 💡That’s why FalconForce has invested its offensive security knowledge and applied R&D into creating high-fidelity detection content; to detect threats that are in the blind spots of many organizations. 👉 Try a sample of our high-fidelity detection content for yourself! You can find all our freely available detection content (based on our popular FalconFriday blog series) for Microsoft Defender XDR and Sentinel on GitHub: https://lnkd.in/drph7kn #SOC #Sentinel #defenderxdr #kusto #detectionengineering #falconfriday

Security Operations Centers (#SOCs) around the world are responsible for keeping the organizations resilient against cyber attacks. SOCs are busy with detecting and responding to ‘incidents’ that could indicate an upcoming ransomware attack or data breach. In our conversations with SOCs we hear a common theme that most SOCs struggle with. “We don’t have the time to properly research the latest attack techniques and create new, custom detections. How can we be sure we are monitoring the right things?” This struggle made us wonder: can we turn the knowledge of FalconForce’s excellent #redteam (about advanced attacks, evasion and bypass techniques) into developing high-fidelity detections for SOCs to detect real threat actors? Yes, we can! Our solution is called Sentry Detect, and it is an ideal companion for all SOCs using Microsoft Security products. You can learn more about it in our recorded webinar: https://lnkd.in/gfxpPQrx

One of the reasons, we participated at BruCON 0X11 last week, was the relaxed and open atmosphere that brings the community together. On Friday, ⛄️ Olaf Hartong showcased his research on how defensive tooling (#EDR) can provide attackers with opportunities for deception and disruption. Trusting your tooling blindly can be a mistake. You need checks and balances to make sure you can rely on your security data. Slides can be found here: https://lnkd.in/eWW5MXDG We had a great time at BruCON 0X11! We have seen and talked to so many passionate security professionals. Right in the heart of Mechelen, at the Lamot conference center, a former brewery. With stunning views of the city.

The “AWS enumeration for purple teams” workshop at OrangeCon was a great success! Nikolas Mantas took everyone on a journey to #AWS enumeration with #dAWShund and the room was packed. Today, we take a next step. In our #FalconFriday blog (https://lnkd.in/eMzsRQAz) Nikolas explains how to catch threat actors that are harvesting information about your AWS policies. The enumeration actually leaves specific footprints that can be picked up by defenders using the provided #KQL queries. A complimentary detection is available in our FalconFriday GitHub: https://lnkd.in/ew46GK5y