Phil Stokes, Author at SentinelOne

LLMs & Ransomware | An Operational Accelerator, Not a Revolution

Gabriel Bernadett-Shapiro, Jim Walter & Alex Delamotte / December 15, 2025

LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.

labs

Security Research

Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware

Alex Delamotte, Vitaly Kamluk & Gabriel Bernadett-Shapiro / September 19, 2025

LLM-enabled malware poses new challenges for detection. SentinelLABS presents groundbreaking research on how to hunt for this new class of threats.

labs

Adversary

Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms

Aleksandar Milenkoski, Sreekar Madabushi (Validin) & Kenneth Kinion (Validin) / September 4, 2025

DPRK-aligned threat actors abuse CTI platforms to detect infrastructure exposure and scout for new assets.

sentinelone

macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App

From the Front Lines | 11 minute read

macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware

Phil Stokes & Raffaele Sabato / July 2, 2025

NimDoor shows how threat actors are continuing to explore cross-platform languages that introduce new levels of complexity for analysts.

labs

Security Research

FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network

Tom Hegel, Kenneth Kinion (Validin) & Sreekar Madabushi (Validin) / May 8, 2025

FreeDrain is a modern, scalable phishing operation exploiting weaknesses in free publishing platforms to steal cryptocurrency on a global scale.

labs

Crimeware

AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale

Alex Delamotte & Jim Walter / April 9, 2025

AkiraBot uses OpenAI to generate custom outreach messages to spam chat widgets and website contact forms at scale.

sentinelone

ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

From the Front Lines | 10 minute read

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

Alex Delamotte, Aleksandar Milenkoski & Dakota Cary / February 21, 2025

Data leak reveals how a top tier cybersecurity vendor helps the PRC enforce content monitoring and manipulation of public opinion in China.

sentinelone

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

From the Front Lines | 9 minute read