Open Sourcing StringSifter
Malware analysts routinely use the Strings
program during static analysis in order to inspect a binary's
printable characters. However, identifying relevant strings by hand is
time consuming and prone to human error. Larger binaries produce
...
Ransomware Protection and Containment Strategies: Practical Guidance for Endpoint Protection, Hardening, and Containment
Ransomware is a global threat targeting organizations in all
industries. The impact of a successful ransomware event can be
material to an organization - including the loss of access to data,
systems, and operational outages. The...
SharPersist: Windows Persistence Toolkit in C#
Background
PowerShell has been used by the offensive community for several
years now but recent advances in the defensive security industry are
causing offensive toolkits to migrate from PowerShell to reflective C#
to evade modern security...
Definitive Dossier of Devilish Debug Details – Part One: PDB Paths and Malware
Have you ever wondered what goes through the mind of a malware
author? How they build their tools? How they organize their
development projects? What kind of computers and software they use? We
took a stab...
Healthcare: Research Data and PII Continuously Targeted by Multiple Threat Actors
The healthcare industry faces a range of threat groups and malicious
activity. Given the critical role that healthcare plays within society
and its relationship with our most sensitive information, the risk to
this sector is especially...
GAME OVER: Detecting and Stopping an APT41 Operation
In August 2019, FireEye released
the “Double Dragon” report on our newest graduated threat group,
APT41. A China-nexus dual espionage and financially-focused group,
APT41 targets industries such as gaming, healthcare, high-tech, higher
education,...
Showing Vulnerability to a Machine: Automated Prioritization of Software Vulnerabilities
Introduction
If a software vulnerability can be detected and remedied, then a
potential intrusion is prevented. While not all software
vulnerabilities are known, 86
percent of vulnerabilities leading to a data breach were
...
Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction
This is the final post in the three-part series: Finding Evil in
Windows 10 Compressed Memory. In the first post (Volatility
and Rekall Tools), the FLARE team introduced updates to
...
Finding Evil in Windows 10 Compressed Memory, Part Two: Virtual Store Deep Dive
Introduction
This blog post is the second in a three-part series covering our
Windows 10 memory forensics research and it coincides with our BlackHat
USA 2019 presentation. In Part
One of the series,...
Commando VM 2.0: Customization, Containers, and Kali, Oh My!
The Complete Mandiant Offensive Virtual Machine (“Commando VM”)
swept the penetration testing community by storm when it debuted in
early 2019 at Black Hat Asia Arsenal. Our 1.0
release made headway featuring more than 170 tools....
APT41: A Dual Espionage and Cyber Crime Operation
Today, FireEye Intelligence is releasing a comprehensive report
detailing APT41, a prolific Chinese cyber threat group that carries
out state-sponsored espionage activity in parallel with financially
motivated operations. APT41 is unique among tracked China-based actors
...
Announcing the Sixth Annual Flare-On Challenge
The FireEye Labs Advanced Reverse Engineering (FLARE) team is
thrilled to announce that the popular Flare-On reverse engineering
challenge will return for the sixth straight year. The contest will
begin at 8:00 p.m. ET on Aug....
Finding Evil in Windows 10 Compressed Memory, Part One: Volatility and Rekall Tools
Paging all digital forensicators, incident responders, and memory
manager enthusiasts! Have you ever found yourself at a client site
working around the clock to extract evil from a Windows 10 image? Have
you hit the wall...
Hard Pass: Declining APT34’s Invite to Join Their Professional Network
Background
With increasing geopolitical tensions in the Middle East, we expect
Iran to significantly increase the volume and scope of its cyber
espionage campaigns. Iran has a critical need for strategic
intelligence and is likely to...
Hunting COM Objects (Part Two)
Background
As a follow up to Part
One in this blog series on COM object hunting, this post will
talk about taking the COM object hunting methodology deeper by looking
at interesting COM object...
Ning Wang – Offensive Security
Ning WangCEO Offensive Security
Why Nominated: Ning Wang is a rising star has worked to break the
boundaries in the security industry, so that people can see that anyone is
capable of starting a career in cybersecurity and advancing it –...
Dani Martínez – IOActive
Dani MartínezSecurity ConsultantIOActive
Why nominated:
Dani Martínez proved to be a self-starter, beginning his career in
IT he soon developed an interest in cybersecurity and began taking online
courses in his spare time. Martínez also dove write in and began a
cybersecurity blog...
Maurice Stebila – Harman, a Samsung Company
Maurice StebilaDigital Security,Compliance and Privacy OfficerHarman, a Samsung Company
Why nominated: Maurice Stebila has spent more than 30 years in the automotive,
manufacturing and financial services industry supporting two of the world’s
largest companies – EDS/General Motors and Harman by Samsung...
Ed Adams – Security Innovation
Ed AdamsPresident and CEOSecurity Innovation
Why Nominated:
A highly respected veteran of the cybersecurity industry, Security Innovation
CEO Ed Adams has taken on several new leadership roles in the year or so. Last
April, he was named to board of directors of...
David Archer – Galois
David ArcherPrincipal scientistGalois
Why Nominated: Archer, an
advocate for preserving privacy of data even when it’s used in decision-making
both within the U.S. at all levels of government as well as internationally,
directs research in privacy-preserving information technologies.
Profile: David Archer is all...
