Written by: Nick Harbour When it’s pumpkin spice season, that means it’s also Flare-On Challenge season. The Flare-On Challenge is a reverse engineering contest held every year by the FLARE team, and this marks its eleventh year running. It draws…
Tag: Threat Intelligence
Protecting Multi-Cloud Resources in the Era of Modern Cloud-Based Cyberattacks
Written by: Rupa Mukherjee, Jon Sabberton In the era of multi-cloud adoption, where organizations leverage diverse cloud platforms to optimize their operations, a new wave of security challenges have emerged. The expansion of attack surfaces beyond traditional on-premises environments, coupled…
Insights on Cyber Threats Targeting Users and Enterprises in Mexico
Written by: Aurora Blum, Kelli Vanderlee Like many countries across the globe, Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats, with threat actors carrying out attempted intrusions into critical sectors of…
DeFied Expectations — Examining Web3 Heists
Written by: Robert Wallace, Blas Kojusner, Joseph Dobson Where money goes, crime follows. The rapid growth of Web3 has presented new opportunities for threat actors, especially in decentralized finance (DeFi), where the heists are larger and more numerous than anything…
A Measure of Motive: How Attackers Weaponize Digital Analytics Tools
Adrian McCabe, Ryan Tomcik, Stephen Clement < div class=”block-paragraph_advanced”> Introduction Digital analytics tools are vital components of the vast domain that is modern cyberspace. From system administrators managing traffic load balancers to marketers and advertisers working to deliver relevant content…
I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation
Written by: Ofir Rozmann, Asli Koksal, Sarah Bock Today Mandiant is releasing details of a suspected Iran-nexus counterintelligence operation aimed at collecting data on Iranians and domestic threats who may be collaborating with intelligence and security agencies abroad, particularly in…
PEAKLIGHT: Decoding the Stealthy Memory-Only Malware
Written by: Aaron Lee, Praveeth DSouza TL;DR Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT. Overview Mandiant Managed Defense…
“WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services
Written by: Nick McClendon, Daniel McNamara, Jacob Paullus < div class=”block-paragraph_advanced”> Executive Summary Mandiant disclosed this vulnerability to Microsoft via the Microsoft Security Response Center (MSRC) vulnerability disclosure program, and Microsoft has fixed the underlying issue. An attacker with…
Hacking Beyond .com — Enumerating Private TLDs
Written by: Idan Ron < div class=”block-paragraph_advanced”> Background My story started a few months ago, when I performed a red team assessment for a major retail company. During the Open Source Reconnaissance (OSINT) phase, I reviewed the SSL certificates…
Hacking Beyond.com — Enumerating Private TLDs
Written by: Idan Ron < div class=”block-paragraph_advanced”> Background My story started a few months ago, when I performed a red team assessment for a major retail company. During the Open Source Reconnaissance (OSINT) phase, I reviewed the SSL certificates…