SentinelLabs - Page 3 of 8 - Intelligence Redefined

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

The Ranzy ransomware operators have learned from their mistakes and adapted quickly after ThunderX decryptors became publicly available.

Security Research

Resourceful macOS Malware Hides in Named Fork

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Security Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

In Part 3 of our series on emulating, debugging and fuzzing UEFI modules, we provide a step-by-step guide to making a coverage-guided fuzzer for UEFI code.

Crimeware

Anchor Project for Trickbot Adds ICMP

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Security Research

Misusing msvsmon and the Windows Remote Debugger

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Crimeware

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques

Ryuk’s success is based partly on leveraging other toolkits and vulns, partly on its encryption speed and evasion tricks. We tear it down for a closer look.

Crimeware

Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow

New research shows that the Purple Fox exploit kit has added new tricks to its attack flow and continues to target vulnerable versions of Internet Explorer.

Security Research

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Security Research

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

Crimeware

The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities

FONIX RaaS uses four methods of encryption per file and leads victims (and affiliates) on a merry dance through multiple emails to obtain decryption.

@FeverTreeMixers’s previous #endpoint security product required painstaking configuration and upkeep. They wanted… https://t.co/rrRGJshy059 hours ago
RT @LisaH_Jackson: .@ATT Launches new managed comprehensive endpoint security solution with @SentinelOne. Endpoint protection against #cybe…10 hours ago
RT @EFF: "At the time, [China's] was the only internet censorship in town. There was this thought—oh look, it's so quaint, a country trying…10 hours ago
#NTLM is still actively exploited. Follow each step in this #Vigilance #MDR analysis of a real-world attack and… https://t.co/S0TRyHl0OP12 hours ago

0 / 131

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative

Resourceful macOS Malware Hides in Named Fork

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

Anchor Project for Trickbot Adds ICMP

Misusing msvsmon and the Windows Remote Debugger

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques

Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities

CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol

A Deep Dive into Zebrocy’s Dropper Docs

Adventures From UEFI Land: the Hunt For the S3 Boot Script