We highlight Azure Run Commands and provide guidance for mitigations, hunting, and detection mainly from the perspective of the virtual machines at risk from this type of activity.

Deserialization vulnerabilities are a class of bugs that have plagued multiple languages and applications over the years.

Mandiant is thrilled to accept Microsoft Corp.’s invitation to join the Microsoft Intelligent Security Association (MISA).

It's the one year anniversary of the SolarWinds compromise, and we remain  committed to tracking the threat actors involved in this attack.

In several recent Incident Response engagements, Mandiant has observed threat actors exploiting ProxyShell vulnerabilities in different ways.

Mandiant’s “DFIR Framework for Embedded Systems” is built upon Mandiant’s world-renowned incident response methodology.

UNC2190, operating as Arcane and Sabbath, has targeted critical infrastructure including education, health, and natural resources in the United States and Canada since June 2021.

Mandiant Threat Intelligence assesses with high confidence that UNC1151 is linked to the Belarusian government.

Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at two of the file types supported by Windows: RAW and High Efficiency Image File Format (HEIF).

CAMLIS brings together researchers and security practitioners to share technical findings, and here is how we will be contributing to the conference.