What the fxsst?
Written by Nick Harbour
If you deal with the same threats that Mandiant does, you may have noticed a lot of malware lately named “fxsst.dll”. If you’re wondering why this is happening, this article is for you.
When I spend time working solely on reverse engineering malware, I don’t often get the whole story with a malware sample.
Tags: fxsst.dll, malware, malware analysis, ntshrui.dll
DLL Search Order Hijacking Revisited
Written by Nick Harbour
Since my last blog post on the topic of DLL Search Order Hijacking, there has been a lot of community activity in this area. The purpose of this article is to differentiate the specific hijack technique I was describing from the one currently being discussed in the media, as well as to propose my own solution to the problem.
Tags: hijacks, malware, secure coding
Malware Persistence without the Windows Registry
Written by Nick Harbour
For an attacker to maintain a foothold inside your network, they will typically install a piece of backdoor malware on at least one of your systems. The malware needs to be installed persistently, meaning that it will remain active in the event of a reboot.
Tags: KnownDLLs, malware, persistence
DOD Cyber Crime: New Audit Viewer/Memoryze
Written by Peter Silberman
MANDIANT is going to be at DOD Cyber Crime this year. Jamie and I have both been heads down for many weeks now working on some pretty cool stuff. We are starting to come up for air, and what that means for you is updates to Memoryze and Audit Viewer.
Tags: APT, Audit Viewer, DC3, DOD Cyber Crime, malware, Malware Rating Index, MANDIANT, Memoryze, MRI
State Of Malware: Explosion of the Axis of Evil, slides etc
Written by Peter Silberman
Last week Ero Carrera and I spoke at Source Barcelona. As I mentioned previously on this blog, we were both very excited to give this talk. The talk went very well! We could not have asked for a better audience.
Tags: APT, malware, MANDIANT, source, source barcelona, virus total