Hear about the cyber security trends Charles Carmakal is thinking about as we enter 2023.

We identified an operation focused on Ukrainian government involving trojanized Windows 10 Operating System installers.

Mandiant discovered a malicious driver used to terminate select processes on Windows systems.

We observed campaigns distributing a new, previously unreported variant of the popular banking malware, URSNIF.

On Advanced Practices, we are always looking for new ways to find malicious activity and track adversaries over time. Today we’re sharing a technique we use to detect and cluster Microsoft Office documents—specifically those in the  Office Open XML (OOXML)  file format. Additionally, we’re releasing a tool so analysts and defenders can automatically generate YARA rules using this technique.

PwnAuth is a web application framework that makes it easier for organizations to test their ability to detect and respond to OAuth abuse campaigns.

The lifecycle is a step-by-step process describing how intelligence offerings are driven.

In May of 2016, Mandiant’s Red Team discovered a series of vulnerabilities present on Lenovo’s Vibe P1 Android-based mobile device that allow local privilege escalation to the user “root”.

We observed zero-day exploitation of a Citrix Netscaler ADC and Gateway appliance vulnerability.