Mandiant continuously investigates attacks that leverage PowerShell throughout all phases of the attack lifecycle. A common issue we encounter is a lack of available logging that adequately shows what actions the attacker performed using PowerShell. In those investigations, Mandiant routinely offers guidance on increasing PowerShell logging to give investigators a detection mechanism for malicious activity and a historical record of how PowerShell was used on systems. This blog post details various PowerShell logging options and how they can help you obtain the visibility needed to better respond to, investigate, and remediate attacks involving PowerShell.
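As an added example that is not part of the Mandiant post: the snippet below, run from an elevated PowerShell 5.0 or later session, turns on the three logging sources investigators most often ask for (module logging, script block logging, and transcription) by writing the registry values that the corresponding Group Policy settings write, then spawns a fresh PowerShell process and checks that its script block shows up as Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log. The transcript directory C:\PSTranscripts and the marker string are assumptions chosen for the illustration.

```powershell
# Added example (not from the Mandiant post). Run elevated; the policy keys below are the
# ones Group Policy itself writes, so a later GPO refresh will overwrite whatever you set here.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# 1. Module logging: records pipeline execution details (Event ID 4103). The '*' entry
#    under ModuleNames turns it on for every module rather than a named few.
New-Item -Path "$base\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$base\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
Set-ItemProperty -Path "$base\ModuleLogging\ModuleNames" -Name '*' -Value '*' -Type String

# 2. Script block logging: records the code of every script block as it is compiled,
#    after de-obfuscation (Event ID 4104). Requires PowerShell 5.0 or later.
New-Item -Path "$base\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$base\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 3. Transcription: a plain-text record of every session, commands and output included.
#    The directory is an assumption; in production point it at a write-only network share
#    so an attacker on the host cannot delete the transcripts.
$transcriptDir = 'C:\PSTranscripts'
New-Item -Path $transcriptDir -ItemType Directory -Force | Out-Null
New-Item -Path "$base\Transcription" -Force | Out-Null
Set-ItemProperty -Path "$base\Transcription" -Name EnableTranscripting -Value 1 -Type DWord
Set-ItemProperty -Path "$base\Transcription" -Name EnableInvocationHeader -Value 1 -Type DWord
Set-ItemProperty -Path "$base\Transcription" -Name OutputDirectory -Value $transcriptDir -Type String

# Verification. The policy is read when a PowerShell engine starts, so run the marker
# command in a new process rather than in this session.
$marker = 'logging-check-' + (Get-Random)
powershell.exe -NoProfile -Command "Write-Output '$marker'" | Out-Null

# Pull the matching 4104 event. Properties[2] of a 4104 event is the ScriptBlockText field.
$hit = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } -MaxEvents 200 |
    Where-Object { $_.Properties[2].Value -like "*$marker*" } |
    Select-Object -First 1 TimeCreated, Id, @{ n = 'ScriptBlock'; e = { $_.Properties[2].Value } }

if ($hit) { $hit | Format-List } else { Write-Warning 'No 4104 event found; check PowerShell version and that the Operational log is enabled.' }
```

Module logging and script block logging land in the Microsoft-Windows-PowerShell/Operational channel, which is small by default; raise its maximum size (for example with wevtutil sl Microsoft-Windows-PowerShell/Operational /ms:&lt;bytes&gt;) or forward it, or the events an investigator needs will have rolled off by the time anyone looks.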
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.
- A new version of CenterPOS, known in the cybercrime underground as Cerebrus, has been discovered. This new version now contains additional command options, as well as a configuration file that holds the command and control data and the encryption key.
February 9, 2016 7:00 AM By Tyler Dean | Exploits
This blog post shows the power of using the flare-dbg plug-ins with a debugger to gain insight into how the malware operates at runtime.
January 29, 2016 8:00 AM By Robert Venal | Botnets, Threat Research
The Dridex botnet appeared to slow down during the 2015 holiday season, but the prolific botnet has been active again since January 1 and appears to be regaining momentum.
January 28, 2016 8:00 AM By FireEye Threat Intelligence | Advanced Malware, Threat Research
January 27, 2016 8:00 AM By Jing Xie, Jimmy Su, Zhaofeng Chen | Mobile Threats, Threat Research
What are the security risks of iOS apps? While some alternative solutions make it more efficient for developers to update their apps, they do not meet the strict security standards Apple has in place, which could lead to compromised code.