Evan Reese

@JackRhysider You can evade an EDR, but you can’t evade a big nerd rawdogging wireshark

🔥New APT41 Methodologies 🔥 While DUSTTRAP was really interesting, analyzing the methodologies observed alongside SQLULDR2 and PINEGROVE were fascinating. Both families highlight very specific methodologies worth hunting for. Check the blog for details! cloud.google.com/blog/topics/th…

I'm excited to announce that I'm hiring two Detection Engineers for the Mandiant Detection Engineering Team! Come build detections at a global scale for cutting edge threats on an amazing team. Apply here google.com/about/careers/… #DetectionEngineering #Mandiant #Detection

Files are just extra large packets.

I love to see the fantastic contributions from the @Mandiant Intelligence #AdversaryMethods Research & Discovery team! Identifying and classifying attacker methodologies at scale! 🔥🔥

🔥Permhash is a repeatable and scalable method to cluster, hunt for, and pivot between browser extensions, APKs, and other files that declare a set of permissions. 📝 mandiant.com/resources/blog… 🌐 github.com/google/permhas… 🐍 pypi.org/project/permha…

"If the technical sleight of hand is successful, the adversary will achieve persistence by means of malicious Chromium-based browser extensions" 🌶️ dissect adversary methodologies 🔥 identify malware families 💥highlight detection opportunities mandiant.com/resources/blog…

🚨 NEW Blog from @mandiant 🚨  Suspected Chinese Threat Actor (#UNC3886) involved in Espionage Operations. mandiant.com/resources/blog… 🧵

@ImposeCost Good question, hindsight bias is a thing

Another #CVE-2021-25657 of mine just got published. @Avaya IP Office for #Microsoft #Windows contains a local privilege escalation #vulnerability. #Mandiant #MYOW #UpdateNow #MandiantVulnerabilityDisclosure #ResponsibleDisclosure github.com/mandiant/Vulne…

This week we (@permisosecurity) launched our alerts module with dozens of session based detections built from what we have learned on the front line responding to #cloud IRs. permiso.io/blog/s/alerts-…

Looking to add a manager to @Mandiant's IR team in DC. Let me know if interested, DMs are open.

Sometimes you just want to hunt 🔫 Three excellent technologies to investigate are... - VPN Clients - Proxy Services - Localhost Tunneling Read along to further expand the defender’s hunting and detection repertoire against these three troublemakers. mandiant.com/resources/burr…

Exposed keys are the root of most #cloud attacks we observe at @permisosecurity @P0Labs Check out the details of one such incident that led to crypto mining permiso.io/blog/s/anatomy…

🔥I'm standing up a detection team in @Mandiant #AdvancedPractices🦅 ➡️Support detection efforts across Mandiant ➡️Develop rules for the latest threats, based on Mandiant's insight ➡️Work with AP Research and other Mandiant teams Come help us find evil! jobs.smartrecruiters.com/Mandiant/74399…

🚨🚨Today I'm releasing THIRI - a Jupyter notebook for rapidly prototyping threat hunting rules: github.com/mandiant/thiri… THIRI is designed to be super intuitive and even easier to extend than past tools like my own HeySerial. Check out the README for all the deets!

We're hiring for the @Mandiant #AdvancedPractices Research team!🦅 ➡️Self-driven defensive- and intel-oriented research ➡️Support Mandiant IRs with research and detection ➡️Codify attacker methodologies ➡️Surface new activity 🔥Great team/mission/data🔥 jobs.smartrecruiters.com/Mandiant/74399…