Browsing CategorySecurity Research

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.

Security Research

Hacking Smart Devices for Fun and Profit

Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.

Security Research

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware

The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.

Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

Security Research

Living Off Windows Land – A New Native File “downldr”

A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.

Security Research

A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software

CVE-2020-9332 is a vulnerability that could allow an attacker to create trusted, fake USB devices and attack Windows machines in new and unexpected ways.

Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

feature image macos privilege escalation

Security Research

Privilege Escalation | macOS Malware & The Path to Root Part 1

Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?

Security Research

macOS Incident Response | Part 3: System Manipulation

How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.

Security Research

Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities

Reverse engineering Gootkit reveals tricks for persistence, self-updating and a kill switch. Join us as we continue our deep dive into this banking malware

New World. New Year. From our family to yours, Shana Tova! As another year passes, we reflect on the global impor… https://t.co/fQiKlwzyDTyesterday
Have you had your health checkup recently? Stay in shape with ONEscore from SentinelOne.… https://t.co/a14FD5xQL3yesterday
With IoT devices projected to hit 50 billion by the end of 2020, it's critical to stay ahead of vulnerabilities.… https://t.co/GBwpaZyHDcyesterday
Customers are our #1, which is perhaps why we rank #1 with customers on Gartner Peer Insights. Read the full rep… https://t.co/mjFmnbSpcoyesterday

0 / 67

Browsing CategorySecurity Research

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Hacking Smart Devices for Fun and Profit

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

Living Off Windows Land – A New Native File “downldr”

A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software

Sarwent Malware Continues to Evolve With Updated Command Functions

Privilege Escalation | macOS Malware & The Path to Root Part 1

macOS Incident Response | Part 3: System Manipulation

Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities

Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic

Multi-Platform SMAUG RaaS Aims To See Off Competitors

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Case Study: Catching a Human-Operated Maze Ransomware Attack In Action