Discover and read the best of Twitter Threads about #ManagedDefense

Most recents (2)

Word to your moms (certutil qualms)
They came to drop FOMBs!
🆕 #ManagedDefense Blog: fireeye.com/blog/threat-re…
Our awesome global SOC team ran into something interesting:
1️⃣ WMI compiled .bmf files (FOMB file magic) – new [to me] implementation
2️⃣ Weaver exploit (still no CVE!)
Blog/section titles that should make all dads proud:
• The analysts who found it & authored the blog are in the Dublin SOC – so the blog title is a homage to @houseofpain1's 2/3 Irish heritage.
• Everybody’s Working for the Recon
• FOMBs Away
• String it to Weaver
Really great to see the SOC share a glimpse of the activity they deal with every day. They did all the hard work here.

I added the note on origins of mofcomp usage from @cglyer and @_devonkerr_'s 2014 "There’s Something about WMI" talk: fireeye.com/content/dam/fi…
Read 4 tweets
We're doing a special #StateOfTheHack episode this week with two of the technical experts who worked for months to graduate the activity clusters into #APT41. I'm sure @cglyer will pepper in #DFIR war stories.

If you've read the report (below),
what QUESTIONS do you still have?
I plan to go deeper on #APT41's:
1️⃣ Supply chain compromises (and nuanced attrib)
2️⃣ Linux & Windows MBR bootkits and how they were found 😉
3️⃣ Third party access 🌶️
4️⃣ Legitimate web services use (and their obsession with Steam)
+concurrent ops, overlaps!
content.fireeye.com/apt-41/rpt-apt…
@FireEye 📺 #StateOfTheHack Stream
"Double Dragon: The Spy Who Fragged Me" 🎮
#APT41 with Jackie, Ray, and @cglyer
pscp.tv/FireEye/1vAGRW…
Read 9 tweets
