In this blog we take a closer look at the powerful, versatile backdoor known as CARBANAK (aka , Anunak, ).

This blog post presents a machine learning approach to detecting obfuscated Windows command line invocations on endpoints.

In this blog post we discuss multiple targeted phishing campaigns designed to download and deploy a backdoor we track as MINEBRIDGE.

This blog post illustrates how FireEye is leveraging artificial intelligence and machine learning to raise the bar for adversaries that use PowerShell.

In this blog post we discuss how Speakeasy can be effective at automatically identifying rootkit activity from the kernel mode binary.

The FireEye Labs Advanced Reverse Engineering (FLARE) Team is sharing a third installment of a blog about the IDA Pro script with the community.

This blog post shines a heat lamp on the latest tradecraft of UNC2198, who,  , used ICEDID infections to deploy MAZE or EGREGOR ransomware.

This is the first of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows.

This is the second of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows.

This blog post details various PowerShell logging options and how they can help you obtain the visibility needed to better respond, investigate, and remediate attacks involving PowerShell.