Hacking & Researching @falconforceteam | Ex-Unit 42

Joined June 2019
Marat Nigmatullin retweeted
Next August, we'll host our newly designed advanced defensive engineering training at @BlackHatEvents in Las Vegas. Next to detection engineering we'll also cover topics like enrichment, lifecycle management and AI. There are still some spots left! blackhat.com/us-26/training/…

Marat Nigmatullin retweeted
Last week, we joined @SpecterOps' SO-CON conference in Arlington, US. It has been an exciting week, with two FalconForce presentations on stage from @_mnigma_ and @olafhartong. We look back at a great time at SO-CON!
Marat Nigmatullin retweeted
CyberArk is built to protect your crown jewels, but what if it becomes the attack path? @_mnigma_ shows how misconfigurations in PVWA & CCP can be abused to extract credentials and escalate privileges in just a few steps. #SOCON2026
In one week I will be presenting at @SpecterOps SO-CON 2026 about CyberArk PAM. I will share our practical experience and insights on PVWA edge cases and CCP API misconfigurations. #SOCON2026 More information and registration: specterops.io/so-con/
Marat Nigmatullin retweeted
FalconForce is proud to be part of @SpecterOps' SO-CON conference in April. And this year, there’s not one but two FalconForce talks at #SOCON! More information and registration: specterops.io/so-con/
Marat Nigmatullin retweeted
At FalconForce, we are always looking to enhance our detection engineering practices. In our latest #FalconFriday blog, we present the applied research that was done and our observations on near-real-time (NRT) analytic rules in practice: falconforce.nl/falconfriday-…
Marat Nigmatullin retweeted
New year, new training dates! First stop of the year will be at @1ns0mn1h4ck, March 16-18 in Lausanne, Switzerland. Tickets for my Entra ID class are now on sale. More info and registration: insomnihack.ch/workshops/off…

Marat Nigmatullin retweeted
Happy New Year! 2026 has started and we are eager to share with you our ambitions for this brand-new year. Read the full post: linkedin.com/feed/update/urn…
Thrilled to speak at @SpecterOps SO-CON 2026! 🔥 Expect to learn about CyberArk PVWA edge cases & common CCP API misconfigurations to access "hidden" secrets: "4 GET requests = 3 Domain Admins – CyberArk magic you didn't know." #SOCON2026
FalconForce is proud to be part of @SpecterOps' SO-CON conference in April 2026. @_mnigma_ will present a talk on abusing misconfigurations in #CyberArk to get high privileges: “4 Get requests = 3 Domain admins: CyberArk magic you didn’t know about”. specterops.io/so-con/
Marat Nigmatullin retweeted
#MDE custom collection is finally in public preview! It's a centrally managed solution to improve visibility and detection opportunities. We're releasing a management tool and rule repository in YAML format to share new rules with the community. medium.com/falconforce/micro…
Marat Nigmatullin retweeted
21 Oct 2025
Back in July, Neeraj Gupta introduced DeepPass2, a smarter secret scanner that finds both API keys/tokens & contextual passwords using BERT LLM validation. The model & tool code are now live! Model ➡️ ghst.ly/3KTLkmm Code ➡️ ghst.ly/3L96jS5 🧵: 1/2
Marat Nigmatullin retweeted
What happens when the User-Account-Restrictions property gets misconfigured? Spoiler: It's not good. From account compromise to full domain takeover, @unsigned_sh0rt breaks down why this permission set is more dangerous than most realize. ghst.ly/4mKgycH

Big thanks to @MDSecLabs & @OutflankNL for organizing #RedTreat 🙌 Great content, awesome panel discussions, and amazing people. Thanks to all the presenters and to the new people I had the chance to meet🫶
#RedTreat2025 is a wrap @StanHacked @MarcOverIP - thanks to all the speakers and the panel team for an extra awesome con this year 🫶
Marat Nigmatullin retweeted
12 Sep 2025
Made a thing, mucking about with Python and an LDAP browser concept to ingest straight into BloodHound, simple LDAP browser using PyQt as a GUI and neo4j-driver to ingest into BH. Coming Soon #itstimetobrowse
Marat Nigmatullin retweeted
During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs. github.com/olafhartong/Bambo… Slides available here: github.com/olafhartong/Prese…
Marat Nigmatullin retweeted
In about an hour I’ll present my talk I’m in your logs now, deceiving your analysts and blinding your EDR at #BHUSA25 @BlackHatEvents in Islander E/I. Come and hang out!
Marat Nigmatullin retweeted
Wow, very excited to deliver my first offensive talk at #BHUSA this summer
Marat Nigmatullin retweeted
One of the least discussed topics in detection engineering is maintenance. But why is no one talking about this? In this first blog we explore its relevance to #detectionengineering and the paradox that keeps us awake at night. Enjoy! falconforce.nl/why-is-no-one…
Marat Nigmatullin retweeted
.NET GAC and NIC hijacking for lateral movement: williamknowles.io/net-gac-an…
