Browsing CategorySecurity Research

Adventures From UEFI Land: the Hunt For the S3 Boot Script

In Part 4 of our UEFI Internals and Exploitation series, we abandon VMs and dive into UEFI on a physical machine. The quest: recovery of the S3 Boot Script.

Security Research

Keep Malware Off Your Disk With SentinelOne’s IDA Pro Memory Loader Plugin

Security researchers – don’t infect your own device! Now you can analyze malware samples in memory using SentinelOne’s Memory Loader plugin for IDA Pro.

Security Research

Top 15 Essential Malware Analysis Tools

Get your malware analysis toolkit up-to-speed! From disassemblers and debuggers to hex editors and SSL interception tools, you’ll find them all here.

Security Research

A Guide to Ghidra Scripting Development for Malware Researchers

Automation is the key to becoming a more effective malware analyst, and Ghidra scripting is an essential tool in your arsenal. Get started here!

Security Research

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.

Security Research

CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender

Windows Defender has contained an elevation of privilege vulnerability since at least 2009. Learn more about SentinelOne’s discovery, CVE-2021-24092, here.

Security Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Security Research

Building a Custom Malware Analysis Lab Environment

Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.

Security Research

Introducing SentinelOne’s Ghidra Plugin for VirusTotal

Ghidra users can now enjoy the same (and more!) benefits available in IDA Pro from VirusTotal’s VTGrep plugin with this open source plugin from SentinelLabs.

Security Research

Resourceful macOS Malware Hides in Named Fork

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Your legacy Intel software may appear to run just fine on Apple silicon thanks to Rosetta 2, but what are the per… https://t.co/yCP5Fx1u8Yabout 1 hour ago
️ IoT Devices That Are Susceptible to Hacking. Let’s start by identifying the devices that pose the greatest risk… https://t.co/AoURhNXRUd3 hours ago
FONIX RaaS uses four methods of encryption per file and leads victims (and affiliates) on a merry dance through m… https://t.co/rPGqxvZBUN4 hours ago
What is an MBRLocker? Why Are Security Researchers Targeted by Malware Authors? Does SentinelOne Protect Against… https://t.co/BzB6Ik1jfv19 hours ago

0 / 125

Browsing CategorySecurity Research

Adventures From UEFI Land: the Hunt For the S3 Boot Script

Keep Malware Off Your Disk With SentinelOne’s IDA Pro Memory Loader Plugin

Top 15 Essential Malware Analysis Tools

A Guide to Ghidra Scripting Development for Malware Researchers

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

Building a Custom Malware Analysis Lab Environment

Introducing SentinelOne’s Ghidra Plugin for VirusTotal

Resourceful macOS Malware Hides in Named Fork

Adventures From UEFI Land: the Hunt For the S3 Boot Script

Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage

Keep Malware Off Your Disk With SentinelOne’s IDA Pro Memory Loader Plugin

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor