Collaborate Disseminate
Introduction
FireEye assesses APT33 may be behind a series of intrusions and
attempted intrusions within the engineering industry. Public reporting
indicates this activity may be related to recent destructive attacks.
FireEye’s Managed
Defense … Continue reading OVERRULED: Containing a Potentially Destructive Adversary
An increasing number of modern antivirus solutions rely on machine
learning (ML) techniques to protect users from malware. While ML-based
approaches, like FireEye Endpoint Security’s MalwareGuard
capability, have done a great job at detecti… Continue reading What are Deep Neural Networks Learning About Malware?
This blog post is the next episode in the
FireEye Labs Advanced Reverse Engineering (FLARE) team Script Series.
Today, we are sharing a new IDAPython library – flare-emu – powered by IDA Pro and the Unicorn emulation
… Continue reading FLARE Script Series: Automating Objective-C Code Analysis with Emulation
This blog post presents a machine learning (ML) approach to solving
an emerging security problem: detecting obfuscated Windows command
line invocations on endpoints. We start out with an introduction to
this relatively new threat capability, and … Continue reading Obfuscated Command Line Detection Using Machine Learning
When Daniel
Bohannon released his excellent DOSfuscation
paper, I was fascinated to see how tricks I used as a systems engineer
could help attackers evade detection. I didn’t have much to contribute
to this conversation until I had to ana… Continue reading Cmd and Conquer: De-DOSfuscation with flare-qdb
Introduction
FireEye devices detected
intrusion attempts against multiple industries, including think
tank, law enforcement, media, U.S. military, imagery,
transportation, pharmaceutical, national government, and defense
contracting.
The… Continue reading Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
FLARE VM is the first of its kind reverse engineering and malware
analysis distribution on Windows platform. Since its introduction
in July 2017, FLARE VM has been continuously trusted and used by
many reverse engineers, malware analysts, and s… Continue reading FLARE VM Update
Overview
In a previous blog post we detailed the TRITON
intrusion that impacted industrial control systems (ICS) at a
critical infrastructure facility. We now track this activity set as
TEMP.Veles. In this blog post we provide additional informat… Continue reading TRITON Attribution: Russian Government-Owned Lab Most Likely Built
Custom Intrusion Tools for TRITON Attackers
Introduction
FireEye iSIGHT Intelligence compiled extensive data from dozens of
ICS security health assessment engagements (ICS Healthcheck) performed
by Mandiant, FireEye’s consulting team, to identify the most pervasive
and highest priority sec… Continue reading ICS Tactical Security Trends: Analysis of the Most Frequent Security
Risks Observed in the Field
We are pleased to announce the conclusion of the fifth annual
Flare-On Challenge. The numbers are in and we can safely say that this
was by far the most difficult challenge we’ve ever hosted. We plan to
reduce the difficulty next year, so i… Continue reading 2018 Flare-On Challenge Solutions