M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

Tearing up the Windows Registry with python-registry

Written by William Ballenthin

Recently, I wanted to dig deep into a forensic artifact resident in the Windows Registry. To make the task more interesting, I challenged myself to use only tools native to my favorite operating system: Linux. I was quickly disappointed, however, as there are few open and cross-platform tools for Windows Registry forensics beyond Perl’s Win32::Registry. Read the rest

20 Jul 11 | The Lab | Comments (3)

What the fxsst?

Written by Nick Harbour

If you deal with the same threats that Mandiant does, you may have noticed a lot of malware lately named “fxsst.dll”. If you’re wondering why this is happening, this article is for you.

When I spend time working solely on reverse engineering malware, I don’t often get the whole story with a malware sample. Read the rest

03 Jun 11 | The Whiteboard | Comments (0)

State of the Hack: What size is your compromise?

Written by Lucas Zaichkowsky

At MANDIANT, we respond when the advanced threats attack. The most common and media enriched group is the Advanced Persistent Threat (APT). The APT are professionals. They hack for their supporting state with goals of industrial and economic espionage. The groups we identify and classify have a wide range of skill sets. Read the rest

20 May 11 | The Whiteboard | Comments (0)

Jamie Butler named to the Black Hat Review Board

Written by Travis Reese

MANDIANT would like to congratulate Jamie Butler on his appointment to the Black Hat Review Board. Black Hat is one of the premier technical security conferences, and Jamie’s appointment to its board is a testament to his contributions in advancing the field of computer security. Read the rest

19 May 11 | The Suite Spot | Comments (0)

MIR 2.0 Released

Written by Jeff Yeutter

Incident response (IR) is hard. I know this because I said “damn, this is hard” the first time I sat down to conduct proper IR using Console, the investigator client for the MANDIANT Intelligent Response appliance. Since then, I have learned a lot about incident response, memory and disk forensics, hooking and other technical details. Read the rest

16 May 11 | The Armory | Comments (0)

MANDIANT Exhibiting at CEIC 2011

Written by Helena Brito

If you are attending this year’s CEIC conference in Orlando, FL, make sure you stop by the MANDIANT booth (#706) at the show. We will be on-hand to demo MIR 2.0 and discuss new enhancements to the product. In addition, both the VP of products and Product Manager will be there to answer any of your questions. Read the rest

16 May 11 | The Whiteboard | Comments (0)