Records enable analysts to identify both executed files and deleted attacker files. Microsoft's System Center Configuration Manager (SCCM) software can record several forensic artifacts that provide critical information in these files as part of a well-balanced investigation strategy.
Entries filed under 'Microsoft'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.
July 18, 2016 8:00 AM By Ankit Anubhav, Raghav Ellur | Advanced Malware, Threat Research
A new feature of the FireEye Endpoint Security platform detected a Cerber ransomware campaign and alerted customers in the field. The campaign distributed a malicious Microsoft Word document that could contact an attacker-controlled website to download and install the Cerber family of ransomware.
February 23, 2016 8:00 AM By Abdulellah Alsaheel, Raghav Pande | Advanced Malware, Threat Research
Microsoft's Enhanced Mitigation Experience Toolkit, EMET, adds security mitigations beyond what's built into the operating system, but attackers are sometimes able to bypass it. We discuss how in this blog.
September 8, 2015 12:00 PM By Dan Caselden, Daniel Regalado, Genwei Jiang, Kenneth Hsu, Yu Wang | Exploits, Threat Research
June 17, 2015 2:29 PM By Timothy Parisi | Threat Research, Vulnerabilities
The Shimcache is an extremely powerful source of evidence to help focus investigations and provide greater confidence in answering tough everyday questions.