Adam G.

Excited to share the (now patched) AKS Privilege Escalation we found! cloud.google.com/blog/topics/th…

🚨📝 New #FIN7 threat research blog, "Power Hour", published today by @Mandiant. Please enjoy 🌶🌶 mandiant.com/resources/evol… Blog includes: - FIN7 archaeology & evolution ⛏ - #POWERPLANT deep dive - BIRDWATCH (~#JssLoader) - Supply chain (😱) neat stuff in thread 🧵⤵️

SilkETW is now available ✍️🧐💡! Check out my short introduction post here => fireeye.com/blog/threat-re…, you can find the code on the @FireEye GitHub => github.com/fireeye/SilkETW

Well covered that Ryuk ❌ NK in blogs by @kryptoslogic @McAfee_Labs @Malwarebytes @CrowdStrike. Here we share an example of an initial infection vector, more details on how Ryuk has been deployed, and some info on the observed TrickBot gtags fireeye.com/blog/threat-re…

New post is up! We pick apart the latest probable #APT29 phishing campaign and the nuance involved in dealing with, and attributing to, deceptive attackers. Written with @QW5kcmV3, @itsreallynick, @matonis, @jonleathery. Credit to @barryv for the title. fireeye.com/blog/threat-re…

HOT OFF THE PRESS: Read our @FireEye_Intel #TRITON attribution blogpost tying TRITON actors to CNIIHM, a Russian Government-Owned research institute. fireeye.com/blog/threat-re…

In our new @FireEye blog post we analyze some of the most frequent ICS security risks observed in the field during @Mandiant ICS Healthcheck assessments. It is good to have some on-the-ground data to test commonly cited areas of ICS risk. fireeye.com/blog/threat-re…

Stymied by my own #flareon5 challenge, so I developed idawasm: An IDA Pro loader and processor for WebAssembly. details: fireeye.com/blog/threat-re…

Get ready for the 5th Annual FLARE On Challenge!!! #flareon5 fireeye.com/blog/threat-re…

The TRITON origin story is a still mystery with lots of missing pieces. @reesespcres and I did some poking and found some overlaps with legit Triconex DLLs. Nothing mind blowing, but still cool: fireeye.com/blog/threat-re… #tristation #triton #tubular

Check out my blog post and tool release on OAuth Abuse! OAuth abuse is a social engineering technique that's managed to stay relatively under the radar until now. fireeye.com/blog/threat-re…

#Blockchain domains as malicious infrastructure. fireeye.com/blog/threat-re…

After 9 months Invoke-DOSfuscation is finally released!! There is a lot of information for detection in the white paper, and the Invoke-DosTestHarness function is exactly what I used for detection dev & tuning. Code: github.com/danielbohannon… White paper: fireeye.com/blog/threat-re…

Breaking: @Mandiant releases details on malware targeting critical infrastructure fireeye.com/blog/threat-re… TLDR: -Unknown nation state threat actor -Attacker caused shutdown of operations -First (public) incident targeting safety systems (that prevent further physical damage)

Cyber espionage is alive and well! My blog post is live: APT32 (Vietnam) targeting and TTPs: fireeye.com/blog/threat-re… #DFIR @Mandiant

@FireEye details three zero-day vulnerabilities addressed on Patch Tuesday: fireeye.com/blog/threat-re…

I wrote up the #APT29 TOR/meek domain fronting backdoor that we first discussed during our #noeasybreach talk. fireeye.com/blog/threat-re…

Finally made it on the #FireEye blog! Check out my technical analysis of the recently patched CVE-2016-2060! fireeye.com/blog/threat-re…

Cisco's Monique Morrow on threat landscape evolution at NYIT Cybersecurity Conference