Co-authored with MANDIANT's Nick Carr (@ItsReallyNick).

This blog post highlights several incremental obfuscation techniques our team observed threat actors FIN7, FIN8 and APT32 using in the wild during the first half of 2017.

Release Date: 2017-06-30


Co-authored with Microsoft's Lee Holmes (@Lee_Holmes).

This blog post and white paper outline the research methodology and data science techniques that Lee and I applied while developing the Revoke-Obfuscation framework, the first Abstract Syntax Tree (AST)-based PowerShell obfuscation detection framework, which we released at Black Hat USA 2017 (video) and DEF CON 25 (video).

Release Date: 2017-07-27