Co-authored with Mandiant's Nick Carr (@ItsReallyNick).
This blog post highlights several incremental obfuscation techniques our team observed threat actors FIN7, FIN8 and APT32 using in the wild during the first half of 2017.
Release Date: 2017-06-30
Co-authored with Microsoft's Lee Holmes (@Lee_Holmes).
This blog post and white paper outline the research methodology and data science techniques that Lee and I applied as we developed the Revoke-Obfuscation framework, the first AST-based (Abstract Syntax Tree) PowerShell obfuscation detection framework which we released at Black Hat USA 2017 (video) and DEF CON 25 (video).
Release Date: 2017-07-27
This blog post and white paper outline the research methodology and detection development approaches that I applied during the DOSfuscation research. This is the research and white paper that I released at Black Hat Asia 2018 along with the Invoke-DOSfuscation framework.
Release Date: 2018-03-23