FalconForce
@falconforce.nl
Building a resilient digital society through highly specialised digital security consulting.
The sold-out #BSidesAmsterdam event, where 200+ information security enthusiasts joined, was a great day full of inspiring talks.
It brought brilliant minds together and created an atmosphere where new ideas could flow and people went home inspired. See you next year!
It brought brilliant minds together and created an atmosphere where new ideas could flow and people went home inspired. See you next year!
November 24, 2025 at 9:26 AM
The sold-out #BSidesAmsterdam event, where 200+ information security enthusiasts joined, was a great day full of inspiring talks.
It brought brilliant minds together and created an atmosphere where new ideas could flow and people went home inspired. See you next year!
It brought brilliant minds together and created an atmosphere where new ideas could flow and people went home inspired. See you next year!
Microsoft recently published a new feature for Defender for Endpoint (#MDE) called Custom Collection.
@olafhartong.nl explains what Custom Collection is and how it work in his blog: falconforce.nl/microsoft-de...
@olafhartong.nl explains what Custom Collection is and how it work in his blog: falconforce.nl/microsoft-de...
November 20, 2025 at 1:10 PM
Microsoft recently published a new feature for Defender for Endpoint (#MDE) called Custom Collection.
@olafhartong.nl explains what Custom Collection is and how it work in his blog: falconforce.nl/microsoft-de...
@olafhartong.nl explains what Custom Collection is and how it work in his blog: falconforce.nl/microsoft-de...
The Oesterreichische Nationalbank hosted this year’s TIBER-EU Provider Conference called T-REX (TIBER/TLPT Resilience Exchange). It was nice to see so many familiar faces at the TIBER-EU event in Vienna.
#redteaming #TLPT #TIBER #TIBEREU
#redteaming #TLPT #TIBER #TIBEREU
November 18, 2025 at 3:06 PM
The Oesterreichische Nationalbank hosted this year’s TIBER-EU Provider Conference called T-REX (TIBER/TLPT Resilience Exchange). It was nice to see so many familiar faces at the TIBER-EU event in Vienna.
#redteaming #TLPT #TIBER #TIBEREU
#redteaming #TLPT #TIBER #TIBEREU
We believe that community-driven events where people share knowledge about information security are crucial. If we can combine that with an intimate atmosphere, we have a winner!
That’s why we have decided to sponsor BSides Amsterdam. www.bsidesams.org
That’s why we have decided to sponsor BSides Amsterdam. www.bsidesams.org
November 12, 2025 at 9:51 AM
We believe that community-driven events where people share knowledge about information security are crucial. If we can combine that with an intimate atmosphere, we have a winner!
That’s why we have decided to sponsor BSides Amsterdam. www.bsidesams.org
That’s why we have decided to sponsor BSides Amsterdam. www.bsidesams.org
@olafhartong.nl presented his research at #KustoCon on using #Kusto and Kusto Graph for something magical. Olaf investigated if it was possible to do the same thing as #BloodHound, but then only using Kusto Graph. He showcased the need for attack path management.
Slides: github.com/olafhartong/...
Slides: github.com/olafhartong/...
November 11, 2025 at 2:25 PM
@olafhartong.nl presented his research at #KustoCon on using #Kusto and Kusto Graph for something magical. Olaf investigated if it was possible to do the same thing as #BloodHound, but then only using Kusto Graph. He showcased the need for attack path management.
Slides: github.com/olafhartong/...
Slides: github.com/olafhartong/...
Last Friday, at BruCON 0X11, @olafhartong.nl showcased his research on how defensive tooling (#EDR) can provide attackers with opportunities for deception and disruption. Trusting your tooling blindly can be a mistake. You need to make sure you can rely on your security data.
September 29, 2025 at 8:29 AM
Last Friday, at BruCON 0X11, @olafhartong.nl showcased his research on how defensive tooling (#EDR) can provide attackers with opportunities for deception and disruption. Trusting your tooling blindly can be a mistake. You need to make sure you can rely on your security data.
After our “AWS enumeration for purple teams” workshop at OrangeCon, we take a next step. In our #FalconFriday blog (falconforce.nl/falconfriday...) Nikolas explains how to catch threat actors that are harvesting information about your AWS policies.
September 19, 2025 at 12:14 PM
After our “AWS enumeration for purple teams” workshop at OrangeCon, we take a next step. In our #FalconFriday blog (falconforce.nl/falconfriday...) Nikolas explains how to catch threat actors that are harvesting information about your AWS policies.
BruCON 0X11 is just a few days away. @olafhartong.nl will present his talk “# I’m in your logs now, deceiving your analysts and blinding your EDR” on Friday Sept 26. Olaf will show how defensive tooling (EDRs) can provide attackers with opportunities for deception and disruption.
September 17, 2025 at 11:31 AM
BruCON 0X11 is just a few days away. @olafhartong.nl will present his talk “# I’m in your logs now, deceiving your analysts and blinding your EDR” on Friday Sept 26. Olaf will show how defensive tooling (EDRs) can provide attackers with opportunities for deception and disruption.
We had a fantastic time at @orangecon.nl 🎉
It’s always inspiring to see so many security professionals come together to share their knowledge and passion for advancing the industry. That’s exactly why we’re proud to sponsor this event.
It’s always inspiring to see so many security professionals come together to share their knowledge and passion for advancing the industry. That’s exactly why we’re proud to sponsor this event.
September 12, 2025 at 12:12 PM
We had a fantastic time at @orangecon.nl 🎉
It’s always inspiring to see so many security professionals come together to share their knowledge and passion for advancing the industry. That’s exactly why we’re proud to sponsor this event.
It’s always inspiring to see so many security professionals come together to share their knowledge and passion for advancing the industry. That’s exactly why we’re proud to sponsor this event.
A big thank you to all participants who joined our 4-day Advanced Detection Engineering in the Enterprise training at BlackHat. It has been a pleasure to have such an engaging group of professionals. We also had a great time in Las Vegas at the #bhusa and #DEFCON conferences. Until next time!
August 21, 2025 at 10:12 AM
In our latest webinar we proudly presented Sentry Respond - FalconForce’s cloud native automation platform for high maturity SOCs - to the world! You can watch the webinar recording and download the slides from our website: falconforce.nl/webinar-sent... Contact us if you want to learn more!
July 15, 2025 at 12:24 PM
In our latest webinar we proudly presented Sentry Respond - FalconForce’s cloud native automation platform for high maturity SOCs - to the world! You can watch the webinar recording and download the slides from our website: falconforce.nl/webinar-sent... Contact us if you want to learn more!
It's has been 5 years already! Together with 15 Falcons, we celebrated the 5-year anniversary of FalconForce in style. We teamed up in Greece and went on an amazing trip to sunny Santorini. A trip to remember 🇬🇷 ☀️ 🦅
June 6, 2025 at 7:17 AM
It's has been 5 years already! Together with 15 Falcons, we celebrated the 5-year anniversary of FalconForce in style. We teamed up in Greece and went on an amazing trip to sunny Santorini. A trip to remember 🇬🇷 ☀️ 🦅
One of the least discussed topics in detection engineering is maintenance. But why is no one talking about this? In this first blog we explore its relevance to #detectionengineering and the paradox that keeps us awake at night. Enjoy!
falconforce.nl/why-is-no-on...
falconforce.nl/why-is-no-on...
May 9, 2025 at 10:37 AM
One of the least discussed topics in detection engineering is maintenance. But why is no one talking about this? In this first blog we explore its relevance to #detectionengineering and the paradox that keeps us awake at night. Enjoy!
falconforce.nl/why-is-no-on...
falconforce.nl/why-is-no-on...
We are proud to introduce #dAWShund to the world: a framework for putting a leash on naughty AWS permissions. dAWShund helps blue and red teams find resources in #AWS, evaluate their access levels and visualize the relationships between them.
falconforce.nl/dawshund-fra...
#blueteaming #redteaming
falconforce.nl/dawshund-fra...
#blueteaming #redteaming
April 11, 2025 at 11:55 AM
We are proud to introduce #dAWShund to the world: a framework for putting a leash on naughty AWS permissions. dAWShund helps blue and red teams find resources in #AWS, evaluate their access levels and visualize the relationships between them.
falconforce.nl/dawshund-fra...
#blueteaming #redteaming
falconforce.nl/dawshund-fra...
#blueteaming #redteaming
We are hiring offensive specialists! We are looking for experienced professionals who deliver high-quality offensive security services to help our client's defensive teams become more resilient. Sounds like you? falconforce.nl/falconforce-...
#hiring #offensivesecurity #purpleteam #redteam
#hiring #offensivesecurity #purpleteam #redteam
April 3, 2025 at 9:27 AM
We are hiring offensive specialists! We are looking for experienced professionals who deliver high-quality offensive security services to help our client's defensive teams become more resilient. Sounds like you? falconforce.nl/falconforce-...
#hiring #offensivesecurity #purpleteam #redteam
#hiring #offensivesecurity #purpleteam #redteam
Upcoming new FalconForce Sentry Respond webinar! Register now: events.teams.microsoft.com/event/0447b5...
Join us on Tuesday 1 July 2025, 16:00h CEST, to get actionable insights on on how we support #SOCs enhancing their efficiency. Facilitated by FalconForce specialists @olafhartong.nl and Henri.
Join us on Tuesday 1 July 2025, 16:00h CEST, to get actionable insights on on how we support #SOCs enhancing their efficiency. Facilitated by FalconForce specialists @olafhartong.nl and Henri.
March 21, 2025 at 2:26 PM
Upcoming new FalconForce Sentry Respond webinar! Register now: events.teams.microsoft.com/event/0447b5...
Join us on Tuesday 1 July 2025, 16:00h CEST, to get actionable insights on on how we support #SOCs enhancing their efficiency. Facilitated by FalconForce specialists @olafhartong.nl and Henri.
Join us on Tuesday 1 July 2025, 16:00h CEST, to get actionable insights on on how we support #SOCs enhancing their efficiency. Facilitated by FalconForce specialists @olafhartong.nl and Henri.
FalconForce’s @olafhartong.nl and James joined #Insomnihack and facilitated a 3-day workshop version of our Advanced Detection Engineering in the Enterprise training. Many thanks to all the participants for their efforts, questions and input! We hope you enjoyed it as much as we did.
March 19, 2025 at 1:29 PM
FalconForce’s @olafhartong.nl and James joined #Insomnihack and facilitated a 3-day workshop version of our Advanced Detection Engineering in the Enterprise training. Many thanks to all the participants for their efforts, questions and input! We hope you enjoyed it as much as we did.
For the fourth consecutive year, we will be back in Las Vegas to facilitate our Advanced Detection Engineering in the Enterprise training!
Get your ticket before May 25. More information and registration: www.blackhat.com/us-25/traini...
#detectionengineering #training
Get your ticket before May 25. More information and registration: www.blackhat.com/us-25/traini...
#detectionengineering #training
February 14, 2025 at 11:06 AM
For the fourth consecutive year, we will be back in Las Vegas to facilitate our Advanced Detection Engineering in the Enterprise training!
Get your ticket before May 25. More information and registration: www.blackhat.com/us-25/traini...
#detectionengineering #training
Get your ticket before May 25. More information and registration: www.blackhat.com/us-25/traini...
#detectionengineering #training
We’re off to a great start in 2025! It is a special year for us, since we are celebrating our 5th anniversary. To celebrate this we made ourselves an AI-generated birthday cake that we would like to share with you. #happybirthday @falconforce.nl 🎉
January 24, 2025 at 1:08 PM
We’re off to a great start in 2025! It is a special year for us, since we are celebrating our 5th anniversary. To celebrate this we made ourselves an AI-generated birthday cake that we would like to share with you. #happybirthday @falconforce.nl 🎉
We held our first webinar and had a great time presenting our insights in delivering and maintaining high-fidelity bespoke detection content! Did you miss it? Or forgot to make a note? We got you covered with the recording and a PDF with the slides: falconforce.nl/webinar-sent...
January 23, 2025 at 2:36 PM
We held our first webinar and had a great time presenting our insights in delivering and maintaining high-fidelity bespoke detection content! Did you miss it? Or forgot to make a note? We got you covered with the recording and a PDF with the slides: falconforce.nl/webinar-sent...
n our latest blog, we follow Arnau (www.linkedin.com/in/arnauorte...) on his journey to leverage #WinRM plugins for lateral movement. A deep rabbit hole that ultimately led to a custom plugin, #BOF and a solid detection in our #FalconFriday repository 🦅 falconforce.nl/exploring-wi...
January 20, 2025 at 12:01 PM
n our latest blog, we follow Arnau (www.linkedin.com/in/arnauorte...) on his journey to leverage #WinRM plugins for lateral movement. A deep rabbit hole that ultimately led to a custom plugin, #BOF and a solid detection in our #FalconFriday repository 🦅 falconforce.nl/exploring-wi...
Come join us at #YellowHat in Amsterdam or via the global livestream, March 6. The conference is dedicated exclusively to @microsoft.com security technology. Tickets and registration: yellowhat.live
January 17, 2025 at 2:43 PM
Come join us at #YellowHat in Amsterdam or via the global livestream, March 6. The conference is dedicated exclusively to @microsoft.com security technology. Tickets and registration: yellowhat.live
No sleep for us! We will facilitate a 3-day workshop version of our Advanced Detection Engineering in the Enterprise training at #insomnihack in Switzerland. Registration is open! Information and registration: insomnihack.ch/workshops/ad...
#detectionengineering #training #purpleteam
#detectionengineering #training #purpleteam
December 20, 2024 at 9:49 AM
No sleep for us! We will facilitate a 3-day workshop version of our Advanced Detection Engineering in the Enterprise training at #insomnihack in Switzerland. Registration is open! Information and registration: insomnihack.ch/workshops/ad...
#detectionengineering #training #purpleteam
#detectionengineering #training #purpleteam
Upcoming FalconForce Sentry Detect webinar! Register now: events.teams.microsoft.com/event/700051... Join us on Wed 22 January 2025, 16:00h CET, to get actionable insights on how we deliver and maintain high-fidelity bespoke detection content. Facilitated by @olafhartong.nl and Henri (x.com/0xffhh).
December 17, 2024 at 1:10 PM
Upcoming FalconForce Sentry Detect webinar! Register now: events.teams.microsoft.com/event/700051... Join us on Wed 22 January 2025, 16:00h CET, to get actionable insights on how we deliver and maintain high-fidelity bespoke detection content. Facilitated by @olafhartong.nl and Henri (x.com/0xffhh).
Join @olafhartong.nl in his journey down the rabbit hole in search of new detection opportunities in the #Zeek telemetry embedded in Microsoft's EDR #MDE! Detection engineering is sometimes hard … 😎
falconforce.nl/detection-en...
#detectionengineering #kql #blueteam
falconforce.nl/detection-en...
#detectionengineering #kql #blueteam
December 16, 2024 at 2:40 PM
Join @olafhartong.nl in his journey down the rabbit hole in search of new detection opportunities in the #Zeek telemetry embedded in Microsoft's EDR #MDE! Detection engineering is sometimes hard … 😎
falconforce.nl/detection-en...
#detectionengineering #kql #blueteam
falconforce.nl/detection-en...
#detectionengineering #kql #blueteam