IDA Pro comes with an incredibly useful array of type information gathered from various compilers. Whenever a user names a location, IDA searches its currently loaded type libraries to see if that name is a known function. If the function is found, IDA applies the function declaration to that location. For example, Figure 1 shows an array of DWORDs. During reverse engineering, I determined that these are function pointers to MS SDK API functions.
Entries filed under 'Malware'
Threat Research Blog
FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.
April 22, 2013 4:27 PM By Richard Bejtlich
While conducting incident response work, Mandiant encounters security teams and executives who seem to focus on malware as the defining feature of a compromise. These groups think that the scope of an incident depends on knowing where the intruder installed malware. Knowing where malware was used, and how it was used, is indeed important for effective incident response. Unfortunately, knowledge of malware, however complete, is only half the picture.
February 26, 2013 10:32 PM By Helena Brito
Live from RSA USA 2013, Mandiant's Jen Weedon sits down with our host, Kristen Cooper, to give listeners a download on the Mandiant Intelligence Center. Jen explains how this easy-to-use portal gives customers the ability to access the same intel that Mandiant tracks. In fact, the APT1 report we recently released is a great example of what our Intel team is capable of.
February 25, 2013 3:52 PM By Helena Brito
February 5, 2013 6:00 AM By Abhishek Singh, Ali Islam