Browsing CategorySecurity Research

Resourceful macOS Malware Hides in Named Fork

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Security Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

In Part 3 of our series on emulating, debugging and fuzzing UEFI modules, we provide a step-by-step guide to making a coverage-guided fuzzer for UEFI code.

Security Research

Misusing msvsmon and the Windows Remote Debugger

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Security Research

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Security Research

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

Security Research

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.

Security Research

Hacking Smart Devices for Fun and Profit

Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.

Security Research

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware

The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.

Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

Security Research

Living Off Windows Land – A New Native File “downldr”

A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.

✨ It's SentinelOne Global Virtual Wellness Week for all of our employees! With hundreds of open positions globally,… https://t.co/QXYs5NJPcg4 hours ago
SentinelOne's Brian Hussey in CyberScoop: #Trickbot. Not gone. Continual and steady usage. It's business as usual… https://t.co/k1KmTv6CwH4 hours ago
✨ It's SentinelOne Global Virtual Wellness Week for all of our employees! With hundreds of open positions globally,… https://t.co/eYHcg6ZCti4 hours ago
RT @NoHackn: Here at @AttivoNetworks we're excited to release our integration with @SentinelOne and help defenders succeed in countering fr…4 hours ago

0 / 84

Browsing CategorySecurity Research

Resourceful macOS Malware Hides in Named Fork

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

Misusing msvsmon and the Windows Remote Debugger

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Hacking Smart Devices for Fun and Profit

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

Living Off Windows Land – A New Native File “downldr”

Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

Resourceful macOS Malware Hides in Named Fork

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware