Windows

Attackers’ trends tend to come and go. But one popular technique we’re seeing at this time is the use of living-off-the-land binaries — or “LoLBins”. LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances of stayin…

As malware researchers, we spend several days a week debugging malware in order to learn more about it. For that, we have several powerful and popular user mode tools to choose from, such as OllyDbg, x64dbg, IDA Pro and Immunity Debugger. All these debuggers utilize some scripting language to automa…

This blog post is authored by Warren Mercer and Paul Rascagneres and Andrew Williams. Summary Since our initial post on malicious mobile device management (MDM) platforms, we have gathered more information about this actor that we believe shows it is part of a broader campaign targeting multiple pla…

This post was authored by Warren Mercer. Patch Tuesday for June 2016 has arrived where Microsoft releases their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 16 bulletins addressing 44 vulnerabilities. Five b…

Patch Tuesday for April has arrived with Microsoft releasing their latest monthly set of security bulletins to address security vulnerabilities in their products. This month’s release contains 13 bulletins relating to 31 vulnerabilities. Six bulletins address vulnerabilities rated as critical…

My laptop PC recently took on a new role: As a tool for centrally managing the different phones that I use in my work. The new Cisco Jabber for Windows client allows me to control the Cisco 9971 desk phone that’s in my Cisco office and the Cisco 7961 phone I have in my home office. But I can also us…