In Part 4 of our UEFI Internals and Exploitation series, we abandon VMs and dive into UEFI on a physical machine. The quest: recovery of the S3 Boot Script.
Browsing CategorySecurity Research
Keep Malware Off Your Disk With SentinelOne’s IDA Pro Memory Loader Plugin
Security researchers – don’t infect your own device! Now you can analyze malware samples in memory using SentinelOne’s Memory Loader plugin for IDA Pro.
Top 15 Essential Malware Analysis Tools
Get your malware analysis toolkit up-to-speed! From disassemblers and debuggers to hex editors and SSL interception tools, you’ll find them all here.
A Guide to Ghidra Scripting Development for Malware Researchers
Automation is the key to becoming a more effective malware analyst, and Ghidra scripting is an essential tool in your arsenal. Get started here!
20 Common Tools & Techniques Used by macOS Threat Actors & Malware
Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.
CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender
Windows Defender has contained an elevation of privilege vulnerability since at least 2009. Learn more about SentinelOne’s discovery, CVE-2021-24092, here.
FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts
We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.
Building a Custom Malware Analysis Lab Environment
Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.
Introducing SentinelOne’s Ghidra Plugin for VirusTotal
Ghidra users can now enjoy the same (and more!) benefits available in IDA Pro from VirusTotal’s VTGrep plugin with this open source plugin from SentinelLabs.
Resourceful macOS Malware Hides in Named Fork
Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.