Blog | malware
FLARE VM is a freely available and open sourced Windows-based security distribution designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers.
Blog | malware
Learn all about some lesser known features of FakeNet-NG, and some strategies to help master using our network simulation tool.
Blog | malware
Part one of a series about PDB paths, their relation to malware, and how they may be useful in both defensive and offensive operations.
Webinar | malware
In 2020, during an incident response engagement, FireEye Mandiant stumbled upon APT10 for the first time since the U.S. indictments against the group in late 2018.
Blog | malware
A novel malware ecosystem impacting VMware ESXi, Linux vCenter servers, and Windows virtual machines.
Blog | malware
A suspected Chinese actor used a zero-day vulnerability in FortiOS and multiple custom malware families as part of an espionage campaign.
Blog | malware
We identified several versions of an ICS-focused malware designed to affect a Siemens control system environment.
Blog | malware
The FireEye FLARE team’s newest contribution to the malware analysis community, FLOSS, is an open-source tool to automatically detect, extract, and decode obfuscated strings in Windows Portable Executable files. FLOSS helps fight against malware authors who commonly obfuscate strings in their programs to deter static and dynamic analysis, and can extract strings that are deobfuscated by decoding routines, while recovering stackstrings and obtaining all static strings.
Blog | malware
A spear-phishing campaign that targets Hong Kong-based media organizations is using Dropbox for its malware communications.
Blog | malware
Over the past few years, we have been tracking a suspected Iranian group with potential destructive capabilities whom we call APT33.