2021-10-09 | ELFant in the Room – capa v3 | Reverse Engineering ‧ Willi Ballenthin
2021-10-09 | Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S. | Mandiant ‧ Ryan Serabian
2021-10-09 | PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers | John Wolfram ‧ Adrian Sanchez Hernandez
2021-10-09 | Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth | Mandiant ‧ Adrien Bataille
2021-09-15 | ELFant in the Room – capa v3 | Reverse Engineering ‧ Willi Ballenthin
2021-09-08 | Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S. | Mandiant ‧ Ryan Serabian
2021-09-03 | PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers | John Wolfram ‧ Adrian Sanchez Hernandez
2021-09-02 | Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth | Mandiant ‧ Adrien Bataille
2021-08-24 | Detecting Embedded Content in OOXML Documents | Mandiant ‧ Aaron Stephens
2021-08-24 | Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices | Erik Barzdukas ‧ Jake Valletta
2021-08-24 | Announcing the Eighth Annual Flare-On Challenge | Reverse Engineering ‧ Nick Harbour
2021-08-24 | UNC215: Spotlight on a Chinese Espionage Campaign in Israel | israel ‧ Israel Research Team
2021-08-19 | Detecting Embedded Content in OOXML Documents | Mandiant ‧ Aaron Stephens
2021-08-17 | Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices | Erik Barzdukas ‧ Jake Valletta
2021-08-13 | Announcing the Eighth Annual Flare-On Challenge | Reverse Engineering ‧ Nick Harbour
2021-08-10 | UNC215: Spotlight on a Chinese Espionage Campaign in Israel | israel ‧ Israel Research Team
2021-07-22 | capa 2.0: Better, Faster, Stronger | Reverse Engineering ‧ William Ballenthin
2021-07-20 | capa 2.0: Better, Faster, Stronger | Reverse Engineering ‧ William Ballenthin
2021-07-15 | Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise | Jordan Nuce ‧ Tyler McLellan
2021-07-15 | Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices | Emiel Haeghebaert ‧ Dan Perez
2021-07-15 | Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises | operational technology ‧ Keith Lunden
2021-07-15 | Shining a Light on DARKSIDE Ransomware Operations | Jeremy Kennelly ‧ Jordan Nuce
2021-07-15 | The UNC2529 Triple Double: A Trifecta Phishing Campaign | Nick Richard
2021-07-15 | UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Ransomware ‧ Tyler McLellan
2021-07-15 | Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity | information operations ‧ Lee Foster
2021-07-15 | Abusing Replication: Stealing AD FS Secrets Over the Network | Threat Research ‧ Douglas Bienstock
2021-07-15 | Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise | Mandiant ‧ Josh Fleischer
2021-06-30 | Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise | Jordan Nuce ‧ Tyler McLellan
2021-06-17 | Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise | Jordan Nuce ‧ Tyler McLellan
2021-06-03 | Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices | Emiel Haeghebaert ‧ Dan Perez
2021-05-28 | Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices | Emiel Haeghebaert ‧ Dan Perez
2021-05-26 | Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises | operational technology ‧ Keith Lunden
2021-05-25 | Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises | operational technology ‧ Keith Lunden
2021-05-15 | Shining a Light on DARKSIDE Ransomware Operations | Jeremy Kennelly ‧ Jordan Nuce
2021-05-15 | The UNC2529 Triple Double: A Trifecta Phishing Campaign | Nick Richard
2021-05-15 | UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Ransomware ‧ Tyler McLellan
2021-05-15 | Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity | information operations ‧ Lee Foster
2021-05-15 | Abusing Replication: Stealing AD FS Secrets Over the Network | Threat Research ‧ Douglas Bienstock
2021-05-12 | Shining a Light on DARKSIDE Ransomware Operations | Jeremy Kennelly ‧ Jordan Nuce
2021-05-05 | The UNC2529 Triple Double: A Trifecta Phishing Campaign | Nick Richard
2021-04-30 | UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat | Ransomware ‧ Tyler McLellan
2021-04-28 | Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity | information operations ‧ Lee Foster
2021-04-28 | Abusing Replication: Stealing AD FS Secrets Over the Network | Threat Research ‧ Douglas Bienstock
2021-04-24 | Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise | Mandiant ‧ Josh Fleischer
2021-04-24 | Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day | vulnerabilities ‧ Dan Perez
2021-04-24 | Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure | operational technology ‧ Shishir Gupta
2021-04-24 | M-Trends 2021: A View From the Front Lines | Mandiant ‧ Jurgen Kutscher
2021-04-21 | Zero-Day Exploits in SonicWall Email Security Lead to Enterprise Compromise | Mandiant ‧ Josh Fleischer
2021-04-21 | Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day | vulnerabilities ‧ Dan Perez
2021-04-21 | Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure | operational technology ‧ Shishir Gupta
2021-04-21 | M-Trends 2021: A View From the Front Lines | Mandiant ‧ Jurgen Kutscher
2021-04-21 | Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service | Detection ‧ David Via
2021-04-21 | Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities | vulnerabilities ‧ Matt Bromiley
2021-04-21 | New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 | Malware ‧ Lindsay Smith
2021-04-21 | Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory | vulnerabilities ‧ Dhanesh Kizhakkinan
2021-04-21 | So Unchill: Melting UNC2198 ICEDID to Ransomware Operations | Mandiant ‧ Bryce Abdo
2021-04-21 | Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion | Mandiant ‧ Andrew Moore
2021-04-21 | Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two) | vulnerabilities ‧ Jake Valletta
2021-04-21 | Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One) | vulnerabilities ‧ Jake Valletta
2021-04-21 | Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication | Bernard Sapaden
2021-04-21 | Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction | machine learning ‧ Ethan M. Rudd
2021-04-21 | Emulation of Kernel Mode Rootkits With Speakeasy | Andrew Davis
2021-04-21 | Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 | Mike Burns
2021-04-21 | SUNBURST Additional Technical Details | Malware ‧ Stephen Eckels
2021-04-21 | FLARE VM Update | FLARE ‧ Nhan Huynh
2021-04-20 | Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day | vulnerabilities ‧ Dan Perez
2021-04-14 | Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure | operational technology ‧ Shishir Gupta
2021-04-14 | M-Trends 2021: A View From the Front Lines | Mandiant ‧ Jurgen Kutscher
2021-04-07 | Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service | Detection ‧ David Via
2021-04-01 | Back in a Bit: Attacker Use of the Windows Background Intelligent Transfer Service | Detection ‧ David Via
2021-03-11 | Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities | vulnerabilities ‧ Matt Bromiley
2021-03-11 | New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 | Malware ‧ Lindsay Smith
2021-03-11 | Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory | vulnerabilities ‧ Dhanesh Kizhakkinan
2021-03-05 | Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities | vulnerabilities ‧ Matt Bromiley
2021-03-05 | New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452 | Malware ‧ Lindsay Smith
2021-03-04 | Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory | vulnerabilities ‧ Dhanesh Kizhakkinan
2021-02-26 | So Unchill: Melting UNC2198 ICEDID to Ransomware Operations | Mandiant ‧ Bryce Abdo
2021-02-23 | Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion | Mandiant ‧ Andrew Moore
2021-02-23 | Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two) | vulnerabilities ‧ Jake Valletta
2021-02-23 | Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One) | vulnerabilities ‧ Jake Valletta
2021-02-23 | A Totally Tubular Treatise on TRITON and TriStation | Ics ‧ Steve Miller
2021-02-18 | Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One) | vulnerabilities ‧ Jake Valletta
2021-02-18 | Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two) | vulnerabilities ‧ Jake Valletta
2021-02-13 | Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication | Bernard Sapaden
2021-02-13 | FLARE VM Update | FLARE ‧ Nhan Huynh
2021-01-27 | Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication | Bernard Sapaden
2021-01-26 | Purgalicious VBA: Macro Obfuscation With VBA Purging | Andrew Oliveau
2021-01-26 | Training Transformers for Cyber Security Tasks: A Case Study on Malicious URL Prediction | machine learning ‧ Ethan M. Rudd
2021-01-26 | Emulation of Kernel Mode Rootkits With Speakeasy | Andrew Davis
2021-01-26 | Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452 | Mike Burns
2021-01-26 | SUNBURST Additional Technical Details | Malware ‧ Stephen Eckels
2021-01-26 | Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor | FireEye
2021-01-26 | Unauthorized Access of FireEye Red Team Tools | FireEye
2021-01-26 | Using Speakeasy Emulation Framework Programmatically to Unpack Malware | James T. Bennett
2021-01-26 | Election Cyber Threats in the Asia-Pacific Region | Threat Research ‧ Yihao Lim
2021-01-26 | WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques | Detection ‧ Stephen Eckels
2021-01-26 | In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871 | Exploit ‧ Jacob Thompson