Archive for 'August 2013'
August 27, 2013 6:26 PM By Mary Singh
You found a malicious executable! Now you've got a crucial question to answer: did the file execute? We'll discuss a few sources of evidence you can use to answer this question. In this post, we will focus on static or "dead drive" forensics on Windows systems. We will cover four main sources of evidence: Windows Prefetch, Registry, Log Files, and File Information.
August 23, 2013 4:00 AM By Nart Villeneuve, Ned Moran, Thoufique Haq | Threat Research
August 22, 2013 7:31 PM By Jeff Hamm
August 21, 2013 4:00 AM By Darien Kindlund | Threat Research
August 20, 2013 8:18 PM By Richard Bejtlich
August 19, 2013 2:38 PM By Ned Moran | Threat Research
August 13, 2013 8:59 PM By Helena Brito
Welcome to the dog days of summer, everyone. Here's hoping you can enjoy a few days at the pool before it closes, host a final BBQ for friends, and enjoy the nice light commute to work before school is back in session.
August 12, 2013 6:36 PM By Helena Brito
Another Black Hat has come and gone, and with it the flurry of activities while in Las Vegas, NV. We here at Mandiant were in full swing at the show with a booth, training courses, M-Lair, arsenal sessions, and book signings, just to name a few events. It's a lot to take in, but I made sure to snap some photos throughout the week. You can view the album here: http://mnd.tt/bh13photos
August 12, 2013 4:00 AM By Ned Moran, Nart Villeneuve | Threat Research
August 9, 2013 4:00 AM By Tony Lee, Dennis Hanzlik, Ian Ahl | Threat Research
August 7, 2013 4:00 AM By Tony Lee, Dennis Hanzlik, Ian Ahl | Threat Research
August 5, 2013 4:21 PM By Thoufique Haq, Nart Villeneuve
August 1, 2013 6:33 PM By Helena Brito
In the midst of Black Hat USA 2013, Kristen Cooper sits down with Will Gibb, a threat indicator engineer at Mandiant and the lead maintainer of several OpenIOC projects.
August 1, 2013 5:00 PM By Abhishek Singh, Zheng Bu