M-unition 2.0: Changes on the Horizon
Written by Helena Brito
With the new year comes some exciting changes for MANDIANT’s M-unition blog. We began the blog back in 2008 to share interesting research, new tools and new ideas. But we’ve seen the industry (and the threats) evolve over the last four years. Security isn’t just a topic for the technical crowd. Targeted threats – and the risks they present – are fast becoming a topic in the board room and beyond. Read the rest
Tags: advanced persistent threats, APT, CSO, cybersecurity, incident response, information security, MANDIANT
Tearing up the Windows Registry with python-registry
Written by William Ballenthin
Recently, I wanted to dig deep into a forensic artifact resident in the Windows Registry. To make the task more interesting, I challenged myself to use only tools native to my favorite operating system: Linux. I was quickly disappointed, however, as there are few open and cross-platform tools for Windows Registry forensics beyond Perl’s Win32::Registry. Read the rest
Tags: forensics, incident response, python, registry
Jamie Butler named to the Black Hat Review Board
Written by Travis Reese
MANDIANT would like to congratulate Jamie Butler on his appointment to the Black Hat Review Board. Black Hat is one of the premier technical security conferences, and Jamie’s appointment to its board is a testament to his contributions in advancing the field of computer security. Read the rest
Tags: Black Hat, incident response, malware analysis, Memory analysis, speaking, The Suite Spot, Training
MIR 2.0 Released
Written by Jeff Yeutter
Incident response (IR) is hard. I know this because I said “damn, this is hard” the first time I sat down to conduct proper IR using Console, the investigator client for the MANDIANT Intelligent Response appliance. Since then, I have learned a lot about incident response, memory and disk forensics, hooking and other technical details. Read the rest
Tags: incident response, MIR 2.0, Redline
Find Evil and Solve Crime, Part 1: Focus
Written by Jason Luttgens
This is part one of a series of posts I plan to make on what Mandiant does to “Find Evil and Solve Crime”. These posts should help to make your organization better, faster and stronger at performing effective computer security incident investigations. Read the rest
Tags: incident response, investigation
SANS WhatWorks Summit in Forensics and Incident Response
Written by Jamie Butler
The SANS WhatWorks Summit is quickly approaching, and I am excited to attend for the first time this year. Peter Silberman and I will be presenting on memory forensics. There has been some recent public debate about the usefulness of memory forensics. Read the rest
Tags: DailyDave, Find Evil, forensics, incident response, memory, SANS

