M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

M-Trends #2: Everything Old is New Again – Targeted Attackers Using Passive Backdoors to Evade Networks

Written by Grady Summers

Earlier this week, I talked about malware threats. Today, we’ll address a new trend. Turns out the perpetrators of targeted attacks are pragmatic, and are happy to borrow techniques that are even a decade old.

Trend #2 in M-Trends: An Evolving Threat is titled “Everything Old Is New Again,” and talks about how we saw a real uptick in the use of web shells and miniport drivers for persistence in 2011.

16 May 12 | The Armory

Taking An Adversarial Approach in Cybersecurity

Written by Helena Brito

It is no secret that nation states like China and Russia are attacking U.S.-based businesses in an attempt to steal valuable trade secrets. From a cybersecurity perspective, a key question organizations face is whether they should focus on reactively protecting assets from the bad guys, or take a more proactive approach to find and contain adversaries who are already in their environment.

15 May 12 | The Suite Spot

M-Trends #1: Malware Only Tells Half the Story

Written by Grady Summers

When I joined Mandiant earlier this year, I was given the opportunity to help write our annual M-Trends report. This is the third year Mandiant has published the report, which is a summary of the trends we’ve observed in our investigations over the last twelve months.

14 May 12 | The Armory

Former McAfee CEO, David DeWalt, Joins Mandiant’s Board and Talks Targeted Attacks

Written by David DeWalt

There is no such thing as perfect security. As CEO and President of McAfee, I saw first-hand how some of the largest companies with the most sophisticated security programs were routinely compromised. They were diligent. They were compliant. It wasn’t enough.

08 May 12 | The Whiteboard

Portable Agents to QuickScans: Tips on Using the Latest Version of Redline

Written by Doug Wilson

So far, in working with Redline™ 1.5, I have uncovered a few interesting bits above and beyond what we discussed in the last Fresh Prints of Mal-ware: IOCing Red webinar. I would like to share those with you today, and discuss a recent Google+ Hangout we conducted on the topic of Redline and Indicators of Compromise (IOCs).

03 May 12 | The Armory

Exploring Symbol Type Information with PdbXtract

Written by Aaron LeMasters

Mandiant is introducing a new free tool today, PdbXtract™, which allows you to browse and search PDB-type information.

PdbXtract allows you to explore symbolic type information as extracted from Microsoft PDB files. This tool is primarily designed for reverse engineering Windows-based applications and for exploring the internals of Windows kernel components.

24 Apr 12 | The Armory