James T. Bennett (@jtbennettjr)'s Twitter Profile

James T. Bennett

@jtbennettjr

malware analyst, pizza expert

ID: 1713680959

Joined: 30-08-2013 20:23:55

186 Tweets

821 Followers

128 Following

Adrien B (@int2e_)

Malware using CLFS logs to hide a payload? Check out this analysis by myself and Malchanic on some tricky malware we named PRIVATELOG and a related utility/installer called STASHLOG. fireeye.com/blog/threat-re…

Hors (@horsicq)

XELFViewer - ELF file viewer/editor for Windows, Linux and MacOS. 0.03 [+] Linux AppImage [+] Autotools build system [+] PKG installer for OSX [+] RISCV disassembler [+] Many bugs have been fixed. github.com/horsicq/XELFVi…

James T. Bennett (@jtbennettjr)

This year I was able to test a bunch of our challenges and had a really great time with them. You're all in for a treat! #flareon8

Alyssa (she/her) (@ramen0x3f)

Alright, folks, let's talk about Cobalt Strike! mandiant.com/resources/defi… (Sorry, red team pals. This one is for my defense buddies!) 🧵

Willi Ballenthin (@williballenthin)

short post introducing `biodiff`, a tool by 8051 enthusiast for diffing binary files, and how you might use it to find malware configuration changes. the UI is really quick and the algorithms handle file alignment very well. williballenthin.com/post/2022-03-0…

Steve Eckels (@stevemk14ebr)

Introducing STrace & PDBReSym! An MIT-licensed reimplementation of dtrace and a Rust symbolicating tool. Allows system call hooks in a patchguard-compatible way. See my DEFCON talk recording for more details, or the /blog folder for now until that's public! github.com/mandiant/STrace

Mike Hunhoff (@mehunhoff)

🚨 Today we're excited to release Ghidrathon, a Ghidra extension that adds modern Python 3 scripting (including Python 3.10) to Ghidra! Blog 👉 mandiant.com/resources/blog… GitHub 👉 github.com/mandiant/Ghidr…

Mandiant (part of Google Cloud) (@mandiant)

Don't miss the next installment of the Mandiant FLARE team's webinar series, The Sample. This week, Principal Reverse Engineer Blaine Stancill will explain the inner workings of a dropper from the #WHITEDAGGER malware family. Register now! mndt.info/3UJAUGj

Mike Hunhoff (@mehunhoff)

🎉 Looks like dncil (github.com/mandiant/dncil) recently surpassed 15k PyPI downloads! If you're looking for a Python library to disassemble .NET managed code, check out dncil and give us your feedback.

Malchanic (@malwaremechanic)

What better way to finish off the year than a fresh release of FLARE VM?! 🥳 This release focuses on empowering community contributions and automation. Get it while it's hot 🔥🔥🔥 mandiant.com/resources/blog…

VirusTotal (@virustotal)

We welcome Mandiant (part of Google Cloud)'s CAPA and GoReSym to our malware analysis suite. CAPA provides valuable TTPs, and GoReSym produces all kinds of metadata to analyse Go samples: blog.virustotal.com/2023/01/mandia…

Mike Hunhoff (@mehunhoff)

We released the second blog post in our FLARE @ GSoC ‘23 blog series. This post is a collaboration with our GSoC contributor Arnav Kharbanda who extended FLOSS to extract strings from Go and Rust executables. Check out the post to learn how it works 👉 mandiant.com/resources/blog…

Josh Stroschein | The Cyber Yeti (@jstrosch)

🎙️ I'm excited to announce the launch of a new podcast - Behind the Binary! #BehindTheBinary focuses on the stories of the people, technology, and events that have shaped the world of reverse engineering. You can find it on Spotify👇 open.spotify.com/show/3yWgmIuhW…

Mandiant (part of Google Cloud) (@mandiant)

Introducing XRefer: a tool from the Mandiant FLARE team to speed up #malwareanalysis and streamline investigations. Learn more: bit.ly/4iUrvrF
