GreySec Forums
Mandiant “Breach”: A High-Level Case Analysis - Printable Version


Mandiant “Breach”: A High-Level Case Analysis - Cypher - 08-24-2017

I wrote a blog post for a friend about the recent security "breach" that happened at Mandiant.

Long story short, the attackers used credentials from stolen databases to log in to an analyst's online accounts, steal documents, and then they released a document claiming that they had breached Mandiant's network infrastructure. They claimed that this was only a sample of what they had, a blatant lie, which ultimately tarnished Mandiant's brand reputation.

In this article, I essentially go through a straightforward, high-level case analysis of this issue.

Feel free to check it out: https://katembrew.blogspot.ca/2017/08/mandiant-breach-high-level-case.html


RE: Mandiant “Breach”: A High-Level Case Analysis - Vector - 08-25-2017

Great job, very well written. Although I disagree with your assertion that "Mandiant nor FireEye are at fault at all, it is a flaw of an employee’s account credential usage, which could happen anywhere". Since as a security company you should be aware that these things can happen and, knowing that, provide your employees with sufficient training so that they know how not to fuck up like this. Since the targeted account was of a security analyst as well, you would think he'd know a thing or two on how to properly manage credentials. Clearly he did not, so it was a bad hire on Mandiant's part in the first place.


RE: Mandiant “Breach”: A High-Level Case Analysis - overfl0wN - 08-27-2017

Good article and nice analysis Cypher, but I agree with Vector: if you work for a company that won't train you to do your job flawlessly, it's the company's fault.
Spending some money for training isn't that bad, but only when shit happens do people understand how a small investment could save their asses.
On the other hand the employee is clearly an asshole... No offence but, WTF, you're working in the field of Internet Security not candies, these are the basic rules to keep passwords safe...