Debasish Mandal

Debasish is a security researcher currently working in the McAfee Labs Endpoint Exploit Prevention Team. He has been working in the information security industry for the past 6+ years. The first few years of his career were mostly focused on penetration testing. Over the last two years at McAfee, his primary focus has shifted to vulnerability research and threat hunting, where he spends most of his time reverse engineering vulnerabilities and advanced exploitation techniques and writing detection logic for them. Besides research, he is passionate about security bug hunting, programming and technical blog writing. Debasish has presented his research at international security conferences such as Black Hat Europe Briefings '17 and BruCON '17.
McAfee Labs has noticed a significant shift by some actors toward using trusted Windows executables, rather than external malware, to attack systems. One of the most popular techniques is a “fileless” attack. Because these attacks are launched through reputable executables, they are hard to detect. Both consumers and corporate users can fall victim to this ...
Recently the McAfee IPS Research Team informed Microsoft about a potential remote code execution vulnerability in Office 2016 that McAfee discovered in March. Microsoft released a patch for this vulnerability this week with CVE-2017-8630. In this post, we will briefly discuss the vulnerability and its exploitability. The Problem: While auditing PowerPoint, we came across an ...
This blog was written by Yakun Zhang. A virtual machine is a completely isolated guest operating system installation within a normal host operating system. Virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system, which can lead to infections and malware execution. VMware escapes demonstrated ...
Recently McAfee Labs discovered an interesting bug in Windows’ OLE implementation, which Microsoft patched this week. Now that the patch is available, we can discuss this vulnerability, which resides in the OleRegEnumVerbs() function of ole32.dll. During our research we found that a stack corruption vulnerability in ole32!OleRegEnumVerbs can be triggered if we embed any OLE1 ...