LABScon, Author at SentinelOne

Quiver – Using Cutting Edge ML To Detect Interesting Command Lines For Hunters 2

Gal Braun and Dean Langsam explore how LLMs can be trained to parse command lines and perform tasks like attribution and detection.

PDF

LABScon

LABScon Replay | Star-Gazing: Using a Full Galaxy of YARA Methods to Pursue an Apex Actor

LABScon / June 12, 2023

Greg Lesnewich explores how to to pursue an apex predator using little more than a local instance of YARA and some publicly available open-source tooling.

PDF

LABScon

LABScon Replay | Does This Look Infected 2 (APT41)

LABScon / May 18, 2023

Mandiant researchers Van Ta and Rufus Brown take us on a journey of discovery into the compromise of multiple U.S. Government networks by APT41.

PDF

Malshare 10 Years Of Running A Public Malware Repository 1

LABScon

LABScon Replay | Malshare: 10 Years of Running a Public Malware Repository

LABScon / May 16, 2023

Silas Cutler, founder of MalShare, explores some of the challenges and rewards of developing and maintaining a free malware repository for researchers.

PDF

Blasting Event Driven Cornucopia WMI Based User Space Attacks Blind SIEMs And EDRs 3

LABScon

LABScon Replay | Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs

LABScon / January 11, 2023

WMI-based attacks impact all versions of Windows and can severely impact EDRs. Claudiu Teodorescu explores how they work and how they can be detected.

PDF

LABScon

LABScon Replay | InkySquid: The Missing Arsenal

LABScon / January 4, 2023

Paul Rascagneres explores a macOS port of the Windows RokRAT malware and how it bypasses Apple security protections.

PDF

Breaking Firmware Trust From The Other Side Exploiting Early Boot Phases Pre EFI 1

LABScon

LABScon Replay | Breaking Firmware Trust From The Other Side: Exploiting Early Boot Phases (Pre-Efi)

LABScon / December 29, 2022

The first public discussion of changes in the UEFI firmware security runtime from an offensive security perspective with Alex Matrosov.

PDF

LABScon

LABScon Replay | Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure

LABScon / December 15, 2022

Vulnerability disclosure in the US lags behind China's NVD, which has a history of providing APT groups with exploits. How can researchers close the gap?

PDF

LABScon

LABScon Replay | The Mystery of Metador

LABScon / December 1, 2022

An elusive APT is attacking telcos, ISPs and Universities with custom backdoors and attack chains designed to bypass native security solutions.

PDF

LABScon

LABScon Replay | Demystifying Threats to Satellite Communications in Critical Infrastructure

LABScon / November 17, 2022

Satellite communications are an integral part of many Industrial Control Systems, but their usage in critical infrastructure continues to be misunderstood.

PDF

LABScon

LABScon Replay | Quiver – Using Cutting Edge ML to Detect Interesting Command Lines for Hunters

LABScon Replay | Star-Gazing: Using a Full Galaxy of YARA Methods to Pursue an Apex Actor

LABScon Replay | Does This Look Infected 2 (APT41)

LABScon Replay | Malshare: 10 Years of Running a Public Malware Repository

LABScon Replay | Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs

LABScon Replay | InkySquid: The Missing Arsenal

LABScon Replay | Breaking Firmware Trust From The Other Side: Exploiting Early Boot Phases (Pre-Efi)

LABScon Replay | Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure

LABScon Replay | The Mystery of Metador

LABScon Replay | Demystifying Threats to Satellite Communications in Critical Infrastructure