September 27-29, 2022 ARIA Hotel & Casino Save the date and start planning to align with our leadership teams to learn our vision for a new kind of cybersecurity and learn more about our innovations in cyber intelligence and XDR architecture.
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Our Summer 2022 threat report details the evolution of Russian cybercrime, research into medical devices and access control systems, and includes analysis of email security trends.
At Hardwear.io 2022, Trellix researchers disclosed 8 zero-day vulnerabilities in HID Global Mercury access control panels, allowing them to remotely unlock and lock doors, modify and configure user accounts and subvert detection from management software.
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
September 27-29, 2022 ARIA Hotel & Casino Save the date and start planning to align with our leadership teams to learn our vision for a new kind of cybersecurity and learn more about our innovations in cyber intelligence and XDR architecture.
Advanced Threat Research Tools & Techniques Library
The Trellix Advanced Threat Research team conducts security research with the aim of staying ahead of the evolving threat landscape to expose and reduce attack surfaces. This series of white papers discuss laboratory security research techniques that are generally known among the professional community of security researchers. The white papers are provided to elevate collaboration and security within the industry and are not to be used for unlawful purposes. Security researchers are responsible for lawfully obtaining equipment and for complying with contracts and licenses for their research.
Function Hooking for Recon and Exploitation
This technique analysis will walk through three examples to help explain the process of hooking functions to retrieve useful information as well as modifying functions to a researcher’s benefit.
Mapping win32k User to Kernel tagWND Data Structures
We developed and now share a windbg script to ease the vulnerability and exploit analysis process. This technique can be used in general to aid in the research of win32k vulnerabilities.
Modifying Third-Party Android Apps for Fun and Profit
This guide will walk you through this process step by step, using the recent research on the semi Personal Robot as a case study.
Hyper-V Automation for Windows Patch Diffing
This blog will walk through some automation developed to facilitate patch diffing and is as well as a discussion of how to obtain the before and after files for a given patch, rather than the actual process of patch diffing.
Distributed Security: Shamir’s Secret Sharing Key Shares
Privacy is both important and difficult to achieve today. To complicate matters, some data needs to be recoverable in a secure way. Fortunately, there is another option that can meet all requirements.
Emulating Code with Unicorn
When analyzing a piece of malware, or reversing a CTF challenge, it’s common to find functions that are implementing a given algorithm that you want to apply to arbitrary data.
In this Tools and Techniques article, we will be relying on Python 3 to solve some of these challenges.
Industrial Control System (ICS) Simulation
Ever wondered how SCADA or ICS systems actually work? This short paper focuses on a demo unit we built and the security risks that can accompany these often overlooked environments.
Glitching U-Boot by Shorting the NAND Flash
Rewatched “the Matrix” and wondering what glitching is? In this context, it’s not Déjà vu, but a technique to bypass hardware checks and get a root prompt. In this guide, we apply it to U-Boot.
Watchdog Bypass Techniques
Watchdog timers can be the bane of exploit-developers existence. We detail techniques to halt, kill, or bypass watchdog timers, even in cases where there are redundant WDTs.
Android SSL Pinning Bypass: Android 7-10
Unpin developer supplied certificates to decrypt app data over SSL (Android versions 7-10)
Data Science Tips & Tricks
This simple guide details some of the common tools, configuration steps, and issues data scientists might uncover as they begin to build their first machine learning models and applications.
Cross-Compiling Legacy Systems
An in-depth “how-to” guide on cross-compiling legacy systems, for when you can’t seem to find the necessary tools to automate the process.
Android SSL Pinning Bypass: Android 4-6
Unpin developer supplied certificates to decrypt app data over SSL (Android versions 4-6)
RF Selective Jamming
This whitepaper details an innovative just-in-time jamming technique developed by Trellix Advanced Threat Research and demonstrates a unique use case for an attack against a popular garage door.
You're exiting Trellix.
Please pardon our appearance as we transition from McAfee Enterprise to Trellix.
Exciting changes are in the works.
We look forward to discussing your enterprise security needs.
You will be redirected in 0 seconds. If not, please click here to continue
You're exiting Trellix.
Please pardon our appearance as we transition from FireEye to Trellix.
Exciting changes are in the works.
We look forward to discussing your security needs.
You will be redirected in 0 seconds. If not, please click here to continue
McAfee Enterprise and FireEye Emerge as Trellix.
For legal information, please click on the corresponding link below.
