Co-authored with MANDIANT's Nick Carr (@ItsReallyNick).
This blog post highlights several incremental obfuscation techniques our team observed threat actors FIN7, FIN8 and APT32 using in the wild during the first half of 2017.
Release Date: 2017-06-30
Co-authored with Microsoft's Lee Holmes (@Lee_Holmes).
This blog post and white paper outline the research methodology and data science techniques that Lee and I applied as we developed the Revoke-Obfuscation framework, the first AST-based (Abstract Syntax Tree) PowerShell obfuscation detection framework, which we released at Black Hat USA 2017 (video) and DEF CON 25 (video).
Release Date: 2017-07-27