Browsing CategorySecurity Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Security Research

Building a Custom Malware Analysis Lab Environment

Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.

Security Research

Introducing SentinelOne’s Ghidra Plugin for VirusTotal

Ghidra users can now enjoy the same (and more!) benefits available in IDA Pro from VirusTotal’s VTGrep plugin with this open source plugin from SentinelLabs.

Security Research

Resourceful macOS Malware Hides in Named Fork

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Security Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

In Part 3 of our series on emulating, debugging and fuzzing UEFI modules, we provide a step-by-step guide to making a coverage-guided fuzzer for UEFI code.

Security Research

Misusing msvsmon and the Windows Remote Debugger

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Security Research

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Security Research

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

Security Research

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.

Security Research

Hacking Smart Devices for Fun and Profit

Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.

SentinelOne launches in Korea! A market ripe for the next generation of cybersecurity. Together with our strateg… https://t.co/q6ukW4kpLvabout 1 hour ago
Is your #security team struggling due to a lack of resources? Read our #whitepaper to find out 5 quick tips to… https://t.co/eHZigdon2Yabout 1 hour ago
Ransomware Attacks: To Pay or Not To Pay? https://t.co/6ZoqkenIKC #Ransomware #infosec #cybersecurity2 hours ago
Our patented #Storyline technology has been developed to help you easily see a completely contextualized story i… https://t.co/sOmclbV5X03 hours ago

0 / 98

Browsing CategorySecurity Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

Building a Custom Malware Analysis Lab Environment

Introducing SentinelOne’s Ghidra Plugin for VirusTotal

Resourceful macOS Malware Hides in Named Fork

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

Misusing msvsmon and the Windows Remote Debugger

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Hacking Smart Devices for Fun and Profit

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

Greyware’s Anatomy: The “Potentially Unwanted” are Upping Their Game

Building a Custom Malware Analysis Lab Environment

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan