Collaborate Disseminate
Introduction
FireEye’s Mandiant Red Team recently discovered vulnerabilities
present on the Logitech Harmony Hub Internet of Things (IoT) device
that could potentially be exploited, resulting in root access to the
device via SSH. The Harmon… Continue reading Rooting a Logitech Harmony Hub: Improving Security in Today’s IoT World
For IT staff and Windows power users, Microsoft Terminal Services
Remote Desktop Protocol (RDP) is a beneficial tool that allows for the
interactive use or administration of a remote Windows system.
However, Mandiant consultants have also observe… Continue reading Establishing a Baseline for Remote Desktop Protocol
FireEye Labs recently identified several widespread malspam (malware
spam) campaigns targeting Brazilian companies with the goal of
delivering variants of a banking Trojan that we identify as Metamorfo.
Across the stages of these campai… Continue reading Metamorfo Campaigns Targeting Brazilian Users
In the wake of recent hacking tool dumps, the FLARE team saw a spike
in malware samples detonating kernel shellcode. Although most samples
can be analyzed statically, the FLARE team sometimes debugs these
samples to confirm specific functionality… Continue reading Loading Kernel Shellcode
Introduction
Cyber criminals have always been attracted to cryptocurrencies
because it provides a certain level of anonymity and can be easily
monetized. This interest has increased in recent years, stemming far
beyond the desire to simply use cr… Continue reading How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape:
Blockchain Infrastructure Use
Introduction
IDA Pro is the de
facto standard when it comes to binary reverse engineering. Besides
being a great disassembler and debugger, it is possible to extend it
and include a powerful decompiler by purchasing an additional license
fro… Continue reading Solving Ad-hoc Problems with Hex-Rays API
Over the last few months, FireEye has tracked an in-the-wild campaign
that leverages compromised sites to spread fake updates. In some
cases, the payload was the NetSupport Manager remote access tool
(RAT). NetSupport Manager is a commercially av… Continue reading Fake Software Update Abuses NetSupport Remote Access Tool
What have incident responders observed and learned from cyber attacks
in 2017? Just as in prior years, we have continued to see the cyber
security threat landscape evolve. Over the past twelve months we have
observed a number of new trends and ch… Continue reading M-Trends 2018
Introduction
In the third week of March 2018, through FireEye’s Dynamic Threat
Intelligence, FireEye discovered malicious macro-based Microsoft Word
documents distributing SANNY malware to multiple governments
worldwide. Each malicious docu… Continue reading SANNY Malware Delivery Method Updated in Recently Observed Attacks
Skilled attackers continually seek out new attack vectors, while
employing evasion techniques to maintain the effectiveness of old
vectors, in an ever-changing defensive landscape. Many of these threat
actors employ obfuscation frameworks for com… Continue reading DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques