
Marco Figueroa

Marco Figueroa is a Principal Threat Researcher at SentinelOne whose technical expertise includes reverse engineering, incident handling, threat intelligence, and APT hunting. Before joining SentinelOne, Marco spent 7 years at Intel as a Sr. Security Researcher.
Crimeware

Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros

Marco Figueroa / June 24, 2021

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.

Crimeware

Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers

Marco Figueroa / May 20, 2021

This crypto mining campaign doesn’t use notable exploit components but leverages shell scripts to infect cloud containers and bypass AVs.

Adversary

A Deep Dive into Zebrocy’s Dropper Docs

Marco Figueroa / April 19, 2021

A new APT28 campaign targets Kazakhstan with Delphocy malware. We show how to reverse engineer the dropper and bypass the VBA macro’s password protection.

Security Research

Top 15 Essential Malware Analysis Tools

Marco Figueroa / March 11, 2021

Get your malware analysis toolkit up-to-speed! From disassemblers and debuggers to hex editors and SSL interception tools, you’ll find them all here.

Security Research

A Guide to Ghidra Scripting Development for Malware Researchers

Marco Figueroa / March 3, 2021

Automation is the key to becoming a more effective malware analyst, and Ghidra scripting is an essential tool in your arsenal. Get started here!

Security Research

Building a Custom Malware Analysis Lab Environment

Marco Figueroa / January 4, 2021

Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.

Advanced Persistent Threat

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan

Marco Figueroa / December 23, 2020

Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.

Crimeware

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques

Marco Figueroa / October 22, 2020

Ryuk’s success is based partly on leveraging other toolkits and vulnerabilities, and partly on its encryption speed and evasion tricks. We tear it down for a closer look.


SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unprecedented level of technical sophistication, APT groups compete in fully-fledged cyber warfare, and once decentralized and scattered threat actors form durable alliances, operating as elite corporate espionage teams.
