Debasish Mandal

Debasish is a security researcher currently working on the McAfee Labs Endpoint Exploit Prevention Team. He has been working in the information security industry for the past 6+ years. The first few years of his career were mostly focused on Penetration Testing & Red Teaming. Over the last 4 years at McAfee, his primary focus has shifted to Vulnerability Research and Threat Hunting, where he spends most of his time reverse engineering different vulnerabilities and advanced exploitation techniques and developing detection logic for them. Besides doing research, he is passionate about security bug hunting; for example, he has uncovered several critical security issues in widely deployed products, which eventually took him to rank 32 on the MSRC Top 100 Security Researchers list in 2018. In the past, Debasish has also presented his research at various international security conferences such as BlackHat Europe Briefings, BruCON, SigSegV, etc.


More from Debasish Mandal

McAfee Labs

Using Expert Rules in ENS to Prevent Malicious Exploits

Expert Rules are text-based custom rules that can be created in the Exploit Prevention policy in ENS Threat Prevention 10.5.3+. Expert Rules provide additional parameters and allow much more flexibility than the custom rules that can be created in the Access Protection policy. It also allows system administration to control ...

McAfee Labs

IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653

Microsoft recently patched a critical flaw in Internet Explorer’s scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google’s Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal ...

McAfee Labs

CactusTorch Fileless Threat Abuses .NET to Infect Victims

McAfee Labs has noticed a significant shift by some actors toward using trusted Windows executables, rather than external malware, to attack systems. One of the most popular techniques is a “fileless” attack. Because these attacks are launched through reputable executables, they are hard to detect. Both consumers and corporate users ...

McAfee Labs

Microsoft Kills Potential Remote Code Execution Vulnerability in Office (CVE-2017-8630)

Recently the McAfee IPS Research Team informed Microsoft about a potential remote code execution vulnerability in Office 2016 that McAfee discovered in March. Microsoft released a patch for this vulnerability this week with CVE-2017-8630. In this post, we will briefly discuss the vulnerability and its exploitability. The Problem While auditing ...

McAfee Labs

Analyzing a Patch of a Virtual Machine Escape on VMware

This blog was written by Yakun Zhang. A virtual machine is a completely isolated guest operating system installation within a normal host operating system. Virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system, which can lead to infections and ...

McAfee Labs

‘SSL Death Alert’ (CVE-2016-8610) Can Cause Denial of Service to OpenSSL Servers

Recently we noticed a security patch has been published for the OpenSSL vulnerability called SSL Death Alert. As with other serious security vulnerabilities, this one grabbed our attention because the discoverer of the vulnerability says that it may cause a denial of service to an OpenSSL web server. To better ...

McAfee Labs

CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability

DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at the list of advisories Microsoft has recently published, it is clear that a large number of vulnerabilities encompass DLL planting. We have seen many targeted attacks that abuse Windows OLE in many ways. ...

McAfee Labs

CVE-2016-0153: Microsoft Patches Possible OLE Typo

Recently McAfee Labs discovered an interesting bug in Windows’ OLE implementation, which Microsoft patched this week. Now that the patch is available, we can discuss this vulnerability, which resides in the OleRegEnumVerbs() function of ole32.dll. During our research we found that a stack corruption vulnerability in ole32!OleRegEnumVerbs can be triggered ...
