SentinelLabs - Page 2 of 7 - Intelligence Redefined

Anchor Project for Trickbot Adds ICMP

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Security Research

Misusing msvsmon and the Windows Remote Debugger

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Crimeware

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques

Ryuk’s success is based partly on leveraging other toolkits and vulns, partly on its encryption speed and evasion tricks. We tear it down for a closer look.

Crimeware

Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow

New research shows that the Purple Fox exploit kit has added new tricks to its attack flow and continues to target vulnerable versions of Internet Explorer.

Security Research

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Security Research

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

Crimeware

The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities

FONIX RaaS uses four methods of encryption per file and leads victims (and affiliates) on a merry dance through multiple emails to obtain decryption.

Security & Intelligence

Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic

At Sentinel Labs, we have been closely tracking adversarial behavior as it pertains to COVID-19/Coronavirus. To date, we have observed a significant number of malware campaigns, spam campaigns, and outright…

Crimeware

Multi-Platform SMAUG RaaS Aims To See Off Competitors

Raas (Ransomware-as-a-Service) continues to fuel the cybercrime economy. SMAUG offers Windows, Linux and macOS support among other unique features.

Security Research

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.

The workplace we knew is gone. Enter SentinelOne—the only cybersecurity platform purpose-built for the remote wo… https://t.co/AusHeoEaulabout 1 hour ago
SentinelOne launches in Korea! A market ripe for the next generation of cybersecurity. Together with our strateg… https://t.co/q6ukW4kpLv2 hours ago
Is your #security team struggling due to a lack of resources? Read our #whitepaper to find out 5 quick tips to… https://t.co/eHZigdon2Y2 hours ago
Ransomware Attacks: To Pay or Not To Pay? https://t.co/6ZoqkenIKC #Ransomware #infosec #cybersecurity3 hours ago

0 / 0

Anchor Project for Trickbot Adds ICMP

Misusing msvsmon and the Windows Remote Debugger

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques

Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities

Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic

Multi-Platform SMAUG RaaS Aims To See Off Competitors

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

Greyware’s Anatomy: The “Potentially Unwanted” are Upping Their Game

Building a Custom Malware Analysis Lab Environment

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan