Introducing FLARE IDA Decompiler Library (FIDL), FireEye’s open source library which provides a wrapper layer around the Hex-Rays API.

FireEye researchers recently observed threat actors abusing CVE-2017-10271 to deliver various cryptocurrency miners.

We are pleased to announce the conclusion of the third Flare-On challenge. This year’s prize is a police-style badge that is still in production, but we can share with you this teaser outline. All 124 winners of this year’s challenge will receive one (as of 10am Eastern). This year we had fantastic participation with a total of 2,063 players!

There is a common annoyance that seems to plague every reverse engineer and incident responder: wasting time or energy looking at junk code.

In the first week of May 2016, FireEye’s DTI identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region. The threat actors appear to be performing initial reconnaissance against would-be targets, and the attacks caught our attention since they were using unique scripts not commonly seen in crimeware campaigns.

Connected devices are on the rise and here to stay. While they can make our lives much easier they also make easier targets for threat actors. Here we take a look at how someone could reverse engineer an embedded device, and at the process for attempting to find vulnerabilities.

We discuss and share a tool we used to analyze MassLogger, a fairly new credential stealer that employs a sophisticated technique to hinder static analysis.

We dive deep into the WOW64 system and assess two hooking techniques and their effectiveness.

UNC3944 has demonstrated a stronger focus on stealing large amounts of sensitive data for extortion purposes.