By developing custom C#-based assemblies, attackers no longer need to rely on the tools present on the target system; they can instead write and deliver their own tools using a technique we call Bring Your Own Land (BYOL).

We describe machine learning based strategies to collect data, capture alert analysis, create a model, and build an efficacy workflow – all with the ultimate goal of automating alert triage and freeing up analyst time.

The hospitality sector is being actively targeted in a campaign that FireEye attributes with moderate confidence to APT28.

In the middle of June, we observed an active campaign leveraging HawkEye malware that is not targeting any specific group of industries or any specific region.

FireEye as a Service has identified a spear phishing campaign - targeting individuals involved with the SEC - that appears to be linked to FIN7, a financially motivated threat group.

Everything you need to know about Veil 3.0, the latest update on tools designed for use during offensive security training.

We provide a case study to illustrate the TTPs that can be leveraged by threat actors to breach the protected perimeter between an IT network and an OT network.

The Speakeasy framework provides an easy-to-use, flexible, and powerful programming interface that enables analysts to solve complex problems such as unpacking malware.

We explain how VBA purging works, share some detection and hunting opportunities, and introduce a new tool: OfficePurge.

We observed a group we track as UNC1945 compromise telecommunications companies and operate against a tailored set of targets.