Entries filed under 'scripting'
Threat Research Blog
FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities to advanced malware and targeted attacks.
FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)
January 4, 2017 9:02 AM By Michael Bailey | Advanced Malware
The latest in the script series from the FireEye Labs Advanced Reverse Engineering (FLARE) team steps through a command-line utility and Python module for querying and altering dynamic binary state. Learn how to use flare-qdb to bring “script block logging” to the Windows command interpreter, and more.
February 18, 2016 12:00 PM By Zain Gardezi , Kenneth Hsu | Advanced Malware
Just because a malware campaign is old doesn't mean it is no longer active. Our FireEye researchers have discovered compromised websites that still host an old, but persistent, VBScript worm that can do serious harm.
February 11, 2016 7:53 AM By Matthew Dunwoody | Vulnerabilities
Mandiant is continuously investigating attacks that leverage PowerShell across all phases of the attack. A common issue we experience is a lack of available logging that adequately shows what actions the attacker performed using PowerShell. In those investigations, Mandiant routinely offers guidance on increasing PowerShell logging to provide investigators a detection mechanism for malicious activity and a historical record of how PowerShell was used on systems. This blog post details various PowerShell logging options and how they can help you obtain the visibility needed to better respond, investigate, and remediate attacks involving PowerShell.
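As an added illustration of the logging the post above discusses (editor-supplied example code, not from the Mandiant post): the three policy registry keys that turn on module logging, script block logging and transcription, followed by a check that reads the resulting script block events (Event ID 4104) back out of the event log. The transcript output share is an assumption; run this from an elevated Windows PowerShell 5.0 or later session.

```powershell
# Added example (not from the original post): enable the PowerShell logging
# policies via the same registry keys Group Policy writes, then verify that
# script block events are actually being recorded.
# Requires an elevated prompt; script block logging needs Windows PowerShell 5.0+.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyValue {
    param([string]$Key, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# Module logging: pipeline execution details (Event ID 4103) for every module ('*').
Set-PolicyValue "$base\ModuleLogging" 'EnableModuleLogging' 1
Set-PolicyValue "$base\ModuleLogging\ModuleNames" '*' '*' 'String'

# Script block logging: the de-obfuscated text of each block as it is executed (Event ID 4104).
Set-PolicyValue "$base\ScriptBlockLogging" 'EnableScriptBlockLogging' 1

# Transcription: over-the-shoulder text of every session, written to a central location.
# The UNC path below is an assumption; point it at a write-only share you control so an
# attacker on the host cannot read or tamper with earlier transcripts.
Set-PolicyValue "$base\Transcription" 'EnableTranscripting' 1
Set-PolicyValue "$base\Transcription" 'EnableInvocationHeader' 1
Set-PolicyValue "$base\Transcription" 'OutputDirectory' '\\logsrv\PSTranscripts$' 'String'

# Check: the policy applies to new PowerShell processes, so start one, run a
# trivial block in it, and confirm the block text appears in a 4104 event.
powershell.exe -NoProfile -Command "Write-Output ('logging ' + 'test')" | Out-Null
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 5 |
    ForEach-Object {
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ScriptBlock = $_.Properties[2].Value   # ScriptBlockText field of the 4104 record
        }
    }
```

The final query should list the `Write-Output ('logging ' + 'test')` block among the most recent 4104 events; if it does not, the policy has not reached the new process (check that the keys were written under HKLM and that the session was started after they were set). Module logging output lands in the same Operational log as Event ID 4103.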
November 29, 2012 9:48 PM By Jay Smith
In the five years I have been a part of Mandiant's malware analysis team (now formally known as M-Labs) there have been times when I've had to reverse engineer chunks of shellcode. In this post I will give some background on shellcode import resolution techniques and how to automate IDA markup to allow faster shellcode reverse engineering.