🔥New APT41 Methodologies 🔥
While DUSTTRAP was really interesting, analyzing the methodologies observed alongside SQLULDR2 and PINEGROVE were fascinating. Both families highlight very specific methodologies worth hunting for. Check the blog for details!
https://t.co/r24DMuQV2W
I'm excited to announce that I'm hiring two Detection Engineers for the Mandiant Detection Engineering Team! Come build detections at a global scale for cutting edge threats on an amazing team.
Apply here https://t.co/ZPcLU982kP
#DetectionEngineering#Mandiant#Detection
I love to see the fantastic contributions from the @Mandiant Intelligence #AdversaryMethods Research & Discovery team! Identifying and classifying attacker methodologies at scale! 🔥🔥
🔥Permhash is a repeatable and scalable method to cluster, hunt for, and pivot between browser extensions, APKs, and other files that declare a set of permissions.
📝 https://t.co/m14GdJeOLx
🌐 https://t.co/xq10PRtqDB
🐍 https://t.co/VmZx8Hdwyi
"If the technical sleight of hand is successful, the adversary will achieve persistence by means of malicious Chromium-based browser extensions"
🌶️ dissect adversary methodologies
🔥 identify malware families
💥highlight detection opportunities
https://t.co/2TbbQ41SvE
This week we (@permisosecurity) launched our alerts module with dozens of session based detections built from what we have learned on the front line responding to #cloud IRs.
https://t.co/rdf214AOZ4
Sometimes you just want to hunt 🔫
Three excellent technologies to investigate are...
- VPN Clients
- Proxy Services
- Localhost Tunneling
Read along to further expand the defender’s hunting and detection repertoire against these three troublemakers.
https://t.co/1G5w6FUZTS
Exposed keys are the root of most #cloud attacks we observe at @permisosecurity@P0Labs
Check out the details of one such incident that led to crypto mining
https://t.co/DwkrNv3gj2
🔥I'm standing up a detection team in @Mandiant#AdvancedPractices🦅
➡️Support detection efforts across Mandiant
➡️Develop rules for the latest threats, based on Mandiant's insight
➡️Work with AP Research and other Mandiant teams
Come help us find evil!
https://t.co/38N97qqTRC
🚨🚨Today I'm releasing THIRI - a Jupyter notebook for rapidly prototyping threat hunting rules: https://t.co/qBa9P7azlm
THIRI is designed to be super intuitive and even easier to extend than past tools like my own HeySerial.
Check out the README for all the deets!
We're hiring for the @Mandiant#AdvancedPractices Research team!🦅
➡️Self-driven defensive- and intel-oriented research
➡️Support Mandiant IRs with research and detection
➡️Codify attacker methodologies
➡️Surface new activity
🔥Great team/mission/data🔥
https://t.co/1eU558wIeA