Mike S (@mike_stokkel)'s Twitter Profile
Mike S

@mike_stokkel

Threat Intelligence, Infrastructure tracker

ID: 236514821

10-01-2011 19:26:32

4,4K Tweets

316 Followers

228 Following

Yun (@yunzhenghu):

I just published dissect.cobaltstrike v1.0.0. It now supports parsing and decrypting C2 traffic from PCAP files and also adds Beacon Client support which allows you to connect to a Team Server and receive tasks and send back data like a real Beacon. github.com/fox-it/dissect…

Mike S (@mike_stokkel):

With the takedown of Flubot in 2022, Hydra has evolved itself to become one of the most active financial mobile malware families. Check out Alberto Segura's latest research blog: blog.fox-it.com/2023/02/15/thr…

Mike S (@mike_stokkel):

Last month, we've identified 286 backdoored R1soft Server Backup Manager servers by an adversary, whose interest seems to be exfiltrating important system administrator files. Read more about this in our blog!

Renato (@rcfontana):

Insane dream job offers get insane network compromises! Follow our Part 1 and Part 2 blog posts on suspected DPRK espionage activity #unc2970

Tyler McLellan (@tylabs):

We tracked UNC3944's shift from Telecom and BPO targeting to ALPHV ransomware extortion targeting retail, hospitality and more: mandiant.com/resources/blog…

Andy Greenberg (@agreenberg at the other places) (@a_greenberg):

A China-backed spy group breached 29 orgs' networks in 2022-23 using a method you might expect to find in 2012 or 2008: infected USB thumbdrives. wired.com/story/china-us… In many cases, malware hit multinationals' Africa-based staff, coming from spots like airport internet cafes.

aptwhatnow (@aptwhatnow):

mandiant.com/resources/blog… In March of this year we began seeing similar blending efforts that we saw DPRK do during the pandemic, then 3CX popped off giving us more insight, then Andariel’s ROCKHATCH malware popped off with fingerprints of two other APTs in it….

John Connor (@connorsecurity):

I'm excited to announce that I'm hiring two Detection Engineers for the Mandiant Detection Engineering Team! Come build detections at a global scale for cutting edge threats on an amazing team. Apply here google.com/about/careers/… #DetectionEngineering #Mandiant #Detection

RooCon (@roocon_au):

🚨 RooCon24 CFP 🦘 Call for Proposals for RooCon24 is live! We're waiting for your submissions until 9th of August. Looking forward to your attribution case studies and adversarial tradecraft research. Spread the word and RT! rsvp.withgoogle.com/events/roocon2…

Mike S (@mike_stokkel):

APT41 has been infiltrating and stealing sensitive data from organizations in the global shipping, media, tech, and automotive sectors since 2023. This campaign impacted companies in Italy, Spain, Taiwan, Thailand, Turkey, and the UK. cloud.google.com/blog/topics/th…

Mathew (@mittypk):

Another year, another 0-day exploited by China-nexus actors in edge devices. cloud.google.com/blog/topics/th… Great work by my colleagues John and Josh++

Izy (@izysec):

Having convertible detection content is great, no doubt. What I think is underrated is blueteam-focused tradecraft intel. Red teams share it all the time, we should too. A threat group recently showed creativity with a known technique. Here's how it worked cloud.google.com/blog/topics/th…

Mandiant (part of Google Cloud) (@mandiant):

From the targeting of Tier-0 assets to the rise of high-velocity access handoffs, M-Trends 2026 Report provides a roadmap for navigating today's most complex security challenges. Read the full report: goo.gle/3NYELk9

sud0woodo (@sud0woodo):

In light of rapid7.com/blog/post/tr-b… save yourself some time analyzing and crafting the packets for the right scanning method: github.com/cloudflare/fil…