Category: PowerShell

Scaling your threat hunting operations with CrowdStrike and PSFalcon
Introduction: Most modern-day EDRs have some sort of feature that allows blue teamers to remotely connect to hosts with an EDR agent/sensor installed, to aid in their investigation of incidents. In CrowdStrike, this is called Real Time Response, and it provides a wide range of capabilities, from executing built-in commands like ipconfig and netstat …
Enforcing a Sysmon Archive Quota
This blog post creates a Sysmon archive quota through WMI event consumption to avoid storage exhaustion.
Windows Server Hardening with PowerShell DSC
Operating system hardening is the process of improving the security of a default OS installation to minimize the attack surface that an attacker can exploit. Doing this manually on each system deployed on-premises or in the cloud is a cumbersome task, and it can lead to inconsistent security configurations because of …