Matthew Dunwoody (@matthewdunwoody) and Daniel Bohannon (@danielhbohannon) are Applied Security Researchers with FireEye’s Advanced Practices Team, where they research attacker activity and develop effective detection signatures and processes (among other things). Matthew previously worked as an Incident Response consultant with FireEye’s Mandiant consulting group, where he supported and led IR engagements and high-tech crime investigations. Daniel’s areas of expertise include IR investigations, host- and network-based detection research and development, and obfuscation and detection evasion research and tradecraft development. He is the author of the Invoke-Obfuscation, Invoke-CradleCrafter and Invoke-DOSfuscation obfuscation frameworks and the co-author of the Revoke-Obfuscation PowerShell obfuscation detection framework.