Evan Reese (@reesespcres)'s Twitter Profile
Evan Reese

@reesespcres

ID: 980873793538285569

Joined: 02-04-2018 18:25:10

72 Tweets

537 Followers

248 Following

Aaron Stephens (@x04steve):

But digging through hex dumps, figuring out offsets, and hand-crafting YARA rules is tedious, so we've got a tool for you. Introducing apooxml, a Python script to automatically generate YARA rules for embedded content in OOXML documents. github.com/mandiant/apoox…

Jared Wilson (@jwilsonsecurity):

I've mentioned it before, but accepting a position on the Advanced Practices team has been the best professional decision I've ever made (no exaggeration). Come make the same great choice and work with me!!! #Mandiant #Researcher jobs.smartrecruiters.com/FireEyeInc1/74…

Alyssa (she/her) (@ramen0x3f):

🚨🚨New Tools, Rules, and MORE! 🚨🚨 Today I'm releasing a toolset to hunt for deserialization exploitation by programmatically generating and testing rules: github.com/mandiant/heyse… Check out this blog for a (very) thorough walkthrough of my R&D process mandiant.com/resources/hunt…

Matthew Dunwoody (@matthewdunwoody):

We're hiring for the Mandiant (part of Google Cloud) #AdvancedPractices Research team!🦅 ➡️Self-driven defensive- and intel-oriented research ➡️Support Mandiant IRs with research and detection ➡️Codify attacker methodologies ➡️Surface new activity 🔥Great team/mission/data🔥 jobs.smartrecruiters.com/Mandiant/74399…

Alyssa (she/her) (@ramen0x3f):

🚨🚨Today I'm releasing THIRI - a Jupyter notebook for rapidly prototyping threat hunting rules: github.com/mandiant/thiri… THIRI is designed to be super intuitive and even easier to extend than past tools like my own HeySerial. Check out the README for all the deets!

Matthew Dunwoody (@matthewdunwoody):

🔥I'm standing up a detection team in Mandiant (part of Google Cloud) #AdvancedPractices🦅 ➡️Support detection efforts across Mandiant ➡️Develop rules for the latest threats, based on Mandiant's insight ➡️Work with AP Research and other Mandiant teams Come help us find evil! jobs.smartrecruiters.com/Mandiant/74399…

1aN0rmus (@tekdefense):

Exposed keys are the root of most #cloud attacks we observe at Permiso Security p0 Labs. Check out the details of one such incident that led to crypto mining: permiso.io/blog/s/anatomy…

Jared Wilson (@jwilsonsecurity):

Sometimes you just want to hunt 🔫 Three excellent technologies to investigate are...
- VPN Clients
- Proxy Services
- Localhost Tunneling
Read along to further expand the defender's hunting and detection repertoire against these three troublemakers. mandiant.com/resources/burr…

1aN0rmus (@tekdefense):

This week we (Permiso Security) launched our alerts module with dozens of session-based detections built from what we have learned on the front line responding to #cloud IRs. permiso.io/blog/s/alerts-…

Ronnie Salomonsen bsky @r0ns3n.dk (@r0ns3n):

Another #CVE-2021-25657 of mine just got published. Avaya IP Office for #Microsoft #Windows contains a local privilege escalation #vulnerability. #Mandiant #MYOW #UpdateNow #MandiantVulnerabilityDisclosure #ResponsibleDisclosure github.com/mandiant/Vulne…

Tufail Ahmed (@7ufail):

🚨 NEW Blog from @mandiant 🚨 Suspected Chinese Threat Actor (#UNC3886) involved in Espionage Operations. mandiant.com/resources/blog… 🧵

Jared Wilson (@jwilsonsecurity):

"If the technical sleight of hand is successful, the adversary will achieve persistence by means of malicious Chromium-based browser extensions"
🌶️ dissect adversary methodologies
🔥 identify malware families
💥 highlight detection opportunities
mandiant.com/resources/blog…

Jared Wilson (@jwilsonsecurity):

🔥Permhash is a repeatable and scalable method to cluster, hunt for, and pivot between browser extensions, APKs, and other files that declare a set of permissions. 📝 mandiant.com/resources/blog… 🌐 github.com/google/permhas… 🐍 pypi.org/project/permha…

Matthew Dunwoody (@matthewdunwoody):

I love to see the fantastic contributions from the Mandiant (part of Google Cloud) Intelligence #AdversaryMethods Research & Discovery team! Identifying and classifying attacker methodologies at scale! 🔥🔥

John Connor (@connorsecurity):

I'm excited to announce that I'm hiring two Detection Engineers for the Mandiant Detection Engineering Team! Come build detections at a global scale for cutting-edge threats on an amazing team. Apply here: google.com/about/careers/… #DetectionEngineering #Mandiant #Detection

Jared Wilson (@jwilsonsecurity):

🔥New APT41 Methodologies 🔥 While DUSTTRAP was really interesting, analyzing the methodologies observed alongside SQLULDR2 and PINEGROVE was fascinating. Both families highlight very specific methodologies worth hunting for. Check the blog for details! cloud.google.com/blog/topics/th…