Marco Figueroa, Author at SentinelOne

Evasive Maneuvers | Massive IcedID Campaign Aims For Stealth with Benign Macros

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.

Caught in the Cloud | How a Monero Cryptominer Exploits Docker Containers

This crypto mining campaign doesn’t use notable exploit components but leverages shell scripts to infect cloud containers and bypass AVs.

A Deep Dive into Zebrocy’s Dropper Docs

A new APT28 campaign targets Kazakhstan with Delphocy malware. We show how to reverse engineer the dropper and bypass the VBA macro’s password protection.

Top 15 Essential Malware Analysis Tools

Get your malware analysis toolkit up to speed! From disassemblers and debuggers to hex editors and SSL interception tools, you’ll find them all here.

A Guide to Ghidra Scripting Development for Malware Researchers

Automation is the key to becoming a more effective malware analyst, and Ghidra scripting is an essential tool in your arsenal. Get started here!

Building a Custom Malware Analysis Lab Environment

Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan

Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques

Ryuk’s success is based partly on leveraging other toolkits and vulnerabilities, partly on its encryption speed and evasion tricks. We tear it down for a closer look.