As defensive security controls raise the bar to attack, attackers will employ increasingly sophisticated techniques to complete their mission. Understanding the mechanics and impact of these threats is essential to systematically discover and deflect the coming wave of advanced attacks.
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.
March 8, 2016 8:00 AM By Brian Jones | Exploits, Threat Research
February 23, 2016 8:00 AM By Abdulellah Alsaheel, Raghav Pande | Advanced Malware, Threat Research
Microsoft's Enhanced Mitigation Experience Toolkit, EMET, adds security mitigations beyond what's built into the operating system, but attackers are sometimes able to bypass it. We discuss how in this blog.
February 18, 2016 12:00 PM By Zain Gardezi, Kenneth Hsu | Advanced Malware, Threat Research
Just because a malware campaign is old doesn't mean it's not in existence. Our FireEye researchers have discovered compromised websites that still host an old, but persistent, VBScript worm that can do serious harm.
February 11, 2016 7:53 AM By Matthew Dunwoody | Threat Research, Vulnerabilities
Mandiant is continuously investigating attacks that leverage PowerShell throughout all phases of the attack. A common issue we experience is a lack of available logging that adequately shows what actions the attacker performed using PowerShell. In those investigations, Mandiant routinely offers guidance on increasing PowerShell logging to provide investigators a detection mechanism for malicious activity and a historical record of how PowerShell was used on systems. This blog post details various PowerShell logging options and how they can help you obtain the visibility needed to better respond, investigate, and remediate attacks involving PowerShell.