Marat Nigmatullin retweetledi
FalconForce is proud to be part of @SpecterOps' SO-CON conference in April.
And this year, there’s not one but two FalconForce talks at #SOCON!
More information and registration: specterops.io/so-con/
English
Marat Nigmatullin
374 posts
Marat Nigmatullin
@_mnigma_
Hacking & Researching @falconforceteam | Ex-Unit 42
Netherlands Katılım Haziran 2019
128 Takip Edilen103 Takipçiler
Marat Nigmatullin retweetledi
At FalconForce, we are always looking to enhance our detection engineering practices. In our latest #FalconFriday blog, we present the applied research that was done and our observations on near-real-time (NRT) analytic rules in practice: falconforce.nl/falconfriday-n…
English
Marat Nigmatullin retweetledi
New year, new training dates! First stop of the year will be at @1ns0mn1h4ck, March 16-18 in Lausanne, Switzerland. Tickets for my Entra ID class are now on sale. More info and registration: insomnihack.ch/workshops/offe…
English
Marat Nigmatullin retweetledi
Happy New Year! 2026 has started and we are eager to share with you our ambitions for this brand-new year.
Read the full post: linkedin.com/feed/update/ur…
English
Thrilled to speak at @SpecterOps SO-CON 2026! 🔥 Expect to learn about CyberArk PVWA edge cases & common CCP API misconfigurations to access "hidden" secrets: "4 GET requests = 3 Domain Admins – CyberArk magic you didn't know." #SOCON2026
FalconForce Official@falconforceteam
FalconForce is proud to be part of @SpecterOps' SO-CON conference in April 2026. @_mnigma_ will present a talk on abusing misconfigurations in #CyberArk to get high privileges: “4 Get requests = 3 Domain admins: CyberArk magic you didn’t know about”. specterops.io/so-con/
English
Marat Nigmatullin retweetledi
#MDE custom collection is finally in public preview! It's a centrally managed solution to improve visibility and detection opportunities.
We're releasing a management tool and rule repository in YAML format to share new rules with the community.
medium.com/falconforce/mi…
English
Marat Nigmatullin retweetledi
Back in July, Neeraj Gupta introduced DeepPass2, a smarter secret scanner that finds both API keys/tokens & contextual passwords using BERT + LLM validation.
The model & tool code are now live!
Model ➡️ ghst.ly/3KTLkmm
Code ➡️ ghst.ly/3L96jS5
🧵: 1/2
English
Marat Nigmatullin retweetledi
What happens when the User-Account-Restrictions property gets misconfigured?
Spoiler: It's not good. From account compromise to full domain takeover, @unsigned_sh0rt breaks down why this permission set is more dangerous than most realize. ghst.ly/4mKgycH
English
Big thanks to @MDSecLabs & @OutflankNL for organizing #RedTreat 🙌 Great content, awesome panel discussions, and amazing people. Thanks to all the presenters and to the new people I had the chance to meet🫶
Dominic Chell 👻@domchell
#RedTreat2025 is a wrap @StanHacked @MarcOverIP - thanks to all the speakers and the panel team for an extra awesome con this year 🫶
English
Marat Nigmatullin retweetledi
Made a thing, mucking about with python and a LDAP browser concept to ingest straight into BloodHound, simple LDAP browser using PyQt as a GUI and neo4j-driver to ingest into BH. Coming Soon #itstimetobrowse
English
Marat Nigmatullin retweetledi
During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs.
github.com/olafhartong/Ba…
Slides available here:
github.com/olafhartong/Pr…
English
Marat Nigmatullin retweetledi
In about an hour I’ll present my talk I’m in your logs now, deceiving your analysts and blinding your EDR at #BHUSA25 @BlackHatEvents in Islander E/I. Come and hang out!
English
Marat Nigmatullin retweetledi
Marat Nigmatullin retweetledi
One of the least discussed topics in detection engineering is maintenance. But why is no one talking about this? In this first blog we explore its relevance to #detectionengineering and the paradox that keeps us awake at night. Enjoy!
falconforce.nl/why-is-no-one-…
English
Marat Nigmatullin retweetledi
Just me exploring new undocumented Entra APIs and doing some TTD to make Device Registration Service to change some Device attributes🙂
sapirxfed.com/2025/04/28/exp…
English
Marat Nigmatullin retweetledi
.NET GAC and NIC hijacking for lateral movement: williamknowles.io/net-gac-and-ni…
English
Marat Nigmatullin retweetledi
New blog from me about a bug in Power Apps that allows execution of arbitrary SQL queries on hosts connected through on-prem data gateways. This can turn external O365 access into compromised on-prem SQL servers. ibm.com/think/x-force/…
English
Marat Nigmatullin retweetledi
We are proud to introduce #dAWShund to the world: a framework for putting a leash on naughty AWS permissions. dAWShund helps blue and red teams find resources in #AWS, evaluate their access levels and visualize the relationships between them.
falconforce.nl/dawshund-frame…
English
Marat Nigmatullin retweetledi
We are hiring offensive specialists! We are looking for experienced professionals who deliver high-quality offensive security services to help our client's defensive teams become more resilient. Sounds like you? falconforce.nl/falconforce-of…
#offensivesecurity #purpleteam #redteam
English
Marat Nigmatullin retweetledi
n our latest blog, we follow Arnau (linkedin.com/in/arnauortega/) on his journey to leverage #WinRM plugins for lateral movement. A deep rabbit hole that ultimately led to a custom plugin, #BOF and a solid detection in our #FalconFriday repository 🦅falconforce.nl/exploring-winr…
English