Holiday APT Spectacular
In their final episode of 2018, Christopher Glyer and Nick Carr brought the holiday cheer by providing a wrap-up of interesting targeted attacker activity from the past 90 days, including CNIIHM links to the TRITON ICS attacks, a suspected APT29 spearphishing campaign, and several recent DOJ indictments. They also highlighted some interesting techniques, including DNS over HTTPS and profiling victims pre-attack using both compromised websites and Office documents.
Facing Forward: Cyber Security in 2019 and Beyond
In this episode, Christopher Glyer and Nick Carr spoke with Steven Booth, Chief Security Officer at FireEye, to discuss what’s to come in 2019, including attackers and nations attempting to emulate other threat groups, increased leveraging of legitimate services for command and control, machine learning and artificial intelligence, a decreased and more selective use of PowerShell in attacks, and much more. If you want to get into the nitty-gritty of cyber security in 2019, you won’t want to miss this episode.
Special Edition: FLARE vs. Carbanak
In this segment, we sit down with two Staff Reverse Engineers on the FLARE team, Michael Bailey (@mykill) and James “Tom” Bennett (@jtbennettjr), who were at CDS this year to discuss the results of nearly 500 total hours of analysis of the Carbanak source code we acquired.
Special Edition: Upgrading to APT38
In this segment, we welcome two core contributors to the APT38 report: Nalani Fraser, Manager of the Advanced Analysis Team, and Jackie O’Leary, Senior Analyst on the Advanced Analysis Team.
Special Edition: Understanding the GRU Indictments
In this segment, we start with the recently announced indictments charging Russian GRU officers with international hacking and related influence and disinformation operations, then bounce to APT28, and the conversation keeps going from there.
Iranian Influence Operation
Christopher Glyer and Nick Carr spoke with FireEye Intel Analyst, Lee Foster on how FireEye identified a suspected influence operation that appears to originate from Iran aimed at audiences in the U.S., U.K., Latin America, and the Middle East.
Special Black Hat Edition: Sean Metcalf
During our chat, Sean explained how he got started in the world of Active Directory security about a decade and a half ago when he was an Active Directory engineer. He discussed some of the challenges he faced between then and now while traversing relatively uncharted territory.
Special Black Hat Edition: Matt Graeber
Some of the topics covered include PowerShell, Matt’s “Subverting Sysmon” Black Hat USA 2018 talk, and the things that Matt will do in the name of a good cause.
Special Black Hat Edition: Katie Nickels
Special Guest Katie Nickels (@likethecoins) talks about how her team processes new intel as it’s made public (she said she was really excited about our latest FIN7 blog post – thanks Katie!), and about a new ATT&CK philosophy paper MITRE recently released that describes the collaborative process of incorporating new TTPs.
Black Hat USA 2018 Edition
We open up this episode by talking about all things FIN7, including their tools, their tactics, techniques and procedures (TTPs), and some of the ways FIN7 activity changed following arrests made as far back as January.
In this episode we were joined by Dan Perez (@MrDanPerez) of FireEye’s Adversary Pursuit team. We discussed our experiences from FireEye's Congressional roundtable on artificial intelligence, provided insight into the analysis leading up to our report on TEMP.Periscope targeting Cambodian election operations, and broke down several notable adversary methods observed during the past few weeks of responding to intrusions that matter.
Illuminating the Adversary
In May we were joined by Andrew Thompson (@QW5kcmV3) of FireEye’s Adversary Pursuit team. We explore the evolution and current state of cloud services OAuth abuse, how we do technical intelligence & attribution, and some war stories from the past few weeks of responding to intrusions that matter.
Hunting Targeted Attackers @ Scale, Live-ish from RSA
In episode 3, we were joined by Alex Lanstein (@alex_lanstein) - one of the first employees at FireEye, who hunts through product telemetry data to identify new targeted campaigns. During the RSA conference, and with so many others referencing breaches and hunting from the periphery, we thought it would be good to chat about primary source data from our ongoing APT and FIN attack investigations and how to identify anomalies the way Alex does.
“Activity Round-up”: This week, we talk about new techniques being used by Iran's "MuddyWater" (TEMP.Zagros) and Vietnam's APT32. We discuss our Mandiant response efforts into large Chinese espionage campaigns that have picked up in the past year, highlighting both APT20 targeting of service providers and some fresh TEMP.Periscope activity at many clients.
State of the FIRST
Join us as we kick off our FireEye #StateOfTheHack video series. Part podcast, part happy hour hangout, but all freeform and streaming LIVE. We explain who we are and what we’re doing with this series.