Learn about using Windows registry data when performing forensic analysis of computer networks.

The FLARE team is once again hosting its annual Flare-On challenge, now in its eighth year. Take this opportunity to enjoy some extreme social distancing by solving fun puzzles to test your mettle and learn new tricks on your path to reverse engineering excellence. The contest will begin at 8:00 p.m. ET on Sept. 10, 2021. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 22, 2021.

The number of exploited vulnerabilities each year continues to rise, while the overall times-to-exploit are decreasing.

We identified several versions of an ICS-focused malware designed to affect a Siemens control system environment.

The Flare-On reverse engineering challenge will return for the sixth straight year.

In the five years I have been a part of Mandiant's malware analysis team (now formally known as M-Labs) there have been times when I've had to reverse engineer chunks of shellcode. In this post I will give some background on shellcode import resolution techniques and how to automate IDA markup to allow faster shellcode reverse engineering.

FLARE has brought FakeNet-NG to Linux, allowing analysts to perform basic dynamic analysis either on a single Linux host or using a separate, dedicated machine in the same way as INetSim.

FireEye recently identified three new zero-day vulnerabilities in Microsoft Office products that are being exploited in the wild.

FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry.

FireEye is activity that involves the interactive deployment of Ryuk ransomware following TrickBot malware infections.