M-unition

Investigating with Indicators of Compromise (IOCs) – Part II

Written by Will Gibb & Devon Kerr

In our blog post “Investigating with Indicators of Compromise (IOCs) – Part I,” we presented a scenario involving the “Acme Widgets Co.,” a company investigating an intrusion, and its incident responder, John. John’s next objective is to examine the system “ACMWH-KIOSK” for evidence of attacker activity.

By Will Gibb on March 5, 2014

Best of the Best in 2013: The Armory

Everyone likes something for free. And there is no better place to go to get free analysis, intelligence and tools than The Armory on M-Unition. During the past year, we’ve offered intelligence and analysis on new threat activity, sponsored open source projects and offered insight on free tools like Redline™, all of which has been highlighted on our blog.

By Helena Brito on December 20, 2013

OpenIOC Series: Investigating with Indicators of Compromise (IOCs) – Part I

Written by Devon Kerr & Will Gibb

The Back to Basics: OpenIOC blog series previously discussed how Indicators of Compromise (IOCs) can be used to codify information about malware or utilities and describe an attacker’s methodology. Also touched on were the parts of an IOC, such as the metadata, references, and definition sections.

By Will Gibb on December 16, 2013

OpenIOC: Back to the Basics

Written by Will Gibb & Devon Kerr

One challenge investigators face during incident response is finding a way to organize information about an attacker’s activity, utilities, malware and other indicators of compromise, called IOCs. The OpenIOC format addresses this challenge head-on.

By Will Gibb on October 1, 2013

The History of OpenIOC

With the buzz in the security industry this year about sharing threat intelligence, it’s easy to get caught up in the hype, and believe that proper, effective sharing of Indicators or Intelligence is something that can just be purchased along with goods or services from any security vendor.

By Doug Wilson on September 17, 2013

Back to Basics Series: OpenIOC

Over the next few months, a few of my colleagues and I will be touching on various topics related to Mandiant and computer security. As part of this series, we are going to be talking about OpenIOC – how we got where we are today, how to make and use IOCs, and the future of OpenIOC.

By Will Gibb on September 12, 2013