Written by: Muhammad Umair Here at Mandiant FLARE, malware reverse engineering is a regular part of our day jobs. At times we are required to perform basic triages on binaries, where every hour saved is critical to incident response timelines.…
Category: Threat Intelligence
Bridging the Gap: Elevating Red Team Assessments with Application Security Testing
Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost < div class=”block-paragraph_advanced”> Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and techniques of…
(QR) Coding My Way Out of Here: C2 in Browser Isolation Environments
Written by: Thibault Van Geluwe de Berlaere Executive Summary Browser isolation is a security technology where web browsing activity is separated from the user’s local device by running the browser in a secure environment, such as a cloud server or…
Pirates in the Data Sea: AI Enhancing Your Adversarial Emulation
Matthijs Gielen, Jay Christiansen < div class=”block-paragraph_advanced”> Background New solutions, old problems. Artificial intelligence (AI) and large language models (LLMs) are here to signal a new day in the cybersecurity world, but what does that mean for us—the attackers and…
Emerging Threats: Cybersecurity Forecast 2025
Every November, we start sharing forward-looking insights on threats and other cybersecurity topics to help organizations and defenders prepare for the year ahead. The Cybersecurity Forecast 2025 report, available today, plays a big role in helping us accomplish this mission.…
Flare-On 11 Challenge Solutions
Written by: Nick Harbour The eleventh Flare-On challenge is now over! This year proved to be a tough challenge for the over 5,300 players, with only 275 completing all 10 stages. We had a blast making this contest and are…
(In)tuned to Takeovers: Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments
Written by: Thibault Van Geluwe de Berlaere, Karl Madden, Corné de Jong < div class=”block-paragraph_advanced”>The Mandiant Red Team recently supported a client to visualize the possible impact of a compromise by an advanced threat actor. During the assessment, Mandiant moved…
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
In September 2024, Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware using a Telegram persona named “Civil Defense”. “Civil Defense”…
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
Written by: Foti Castelan, Max Thauer, JP Glab, Gabby Roncone, Tufail Ahmed, Jared Wilson < div class=”block-paragraph_advanced”> Summary In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances across 50+ potentially compromised FortiManager devices in…
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
Written by: Casey Charrier, Robert Weiner < div class=”block-paragraph_advanced”>Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were exploited as zero-days…