M-Trends #2: Everything Old is New Again – Targeted Attackers Using Passive Backdoors to Evade Networks
Written by Grady Summers
Earlier this week, I talked about malware threats. Today, we’ll address a new trend. Turns out the perpetrators of targeted attacks are pragmatic, and are happy to borrow techniques that are even a decade old.
Trend #2 in M-Trends: An Evolving Threat is titled “Everything Old Is New Again,” and talks about how we saw a real uptick in the use of web shells and miniport drivers for persistence in 2011.
Tags: command and control, Grady Summers, host-based detection, IDS, intrusion detection, M-Trends, M-Trends 2012, malware, MANDIANT, NDIS, network detection, web shells
Taking An Adversarial Approach in Cybersecurity
Written by Helena Brito
It is no secret that nation states like China and Russia are attacking U.S.-based businesses in an attempt to steal valuable trade secrets. From a cybersecurity perspective, a key question organizations face is whether they should focus on reactively protecting assets from the bad guys, or take a more proactive approach to find and contain adversaries who are already in their environment.
Tags: Advanced Persistent Threat, APT, China and Russia Cyber Attacks, CSO, cybercrime, cybersecurity, Kevin Mandia, MANDIANT, nation states, NPR, Richard Bejtlich
M-Trends #1: Malware Only Tells Half the Story
Written by Grady Summers
When I joined Mandiant earlier this year, I was given the opportunity to help write our annual M-Trends report. This is the third year Mandiant has published the report, which is a summary of the trends we’ve observed in our investigations over the last twelve months.
Tags: Advanced Persistent Threat, APT, incident response, intrusion detection, M-Trends, M-Trends 2012, malware, MANDIANT
Former McAfee CEO, David DeWalt, Joins Mandiant’s Board and Talks Targeted Attacks
Written by David DeWalt
There is no such thing as perfect security. As CEO and President of McAfee, I saw first-hand how some of the largest companies with the most sophisticated security programs were routinely compromised. They were diligent. They were compliant. It wasn’t enough.
Tags: Advanced Persistent Threat, APT, Cyber Security, cyber war, Dave DeWalt, Institutional Investor Magazine, Mandiant Board of Directors, McAfee, National Critical Infrastructure, Targeted Attacks
Portable Agents to QuickScans: Tips on Using the Latest Version of Redline
Written by Doug Wilson
So far, in working with Redline™ 1.5, I have uncovered a few interesting bits above and beyond what we discussed in the last Fresh Prints of Mal-ware: IOCing Red webinar. I would like to share that with you today, and discuss a recent Google+ Hangout we conducted on the topic of Redline and Indicators of Compromise (IOCs).
Tags: free tools, Freeware, Portable Agent, Redline
Exploring Symbol Type Information with PdbXtract
Written by Aaron LeMasters
Mandiant is introducing a new free tool today, PdbXtract™, which allows you to browse and search PDB-type information.
PdbXtract allows you to explore symbolic type information as extracted from Microsoft PDB files. This tool is primarily designed for reverse engineering Windows-based applications and for exploring the internals of Windows kernel components.
Tags: free tools, Freeware, PDB, PdbXtract