Security Research

Inside the Black Box | How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities

A must-read for fuzzing fans, this post gives a detailed look at the advanced techniques used in our recent discovery of multiple bugs in Defender for IoT.

Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All

As if IoT & OT aren't hard enough to defend, we dive into five critical vulnerabilities in Microsoft Defender for IoT that leave the door wide open.

The Art and Science of macOS Malware Hunting with radare2 | Leveraging Xrefs, YARA and Zignatures

In the next part of our series on reversing macOS malware, we dig into identifying reused code across malware samples for hunting and detection.

Another Brick in the Wall: Uncovering SMM Vulnerabilities in HP Firmware

How we used Brick to discover six different vulnerabilities affecting HP laptops' firmware

Zen and the Art of SMM Bug Hunting | Finding, Mitigating and Detecting UEFI Vulnerabilities

In Part 5 of our ongoing series on UEFI security research, we dive into the fascinating world of hunting and exploiting SMM vulnerabilities.

Firefox JIT Use-After-Frees | Exploiting CVE-2020-26950

Learn how to dive into JIT compilers in JavaScript engines and follow along as we find a new set of exploit primitives in this previously patched bug.

CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers

SentinelLabs has discovered a high severity flaw in NetUSB which could be remotely exploited to execute code in the kernel.

USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services

25 CVEs and counting: SentinelLabs' latest research reveals millions of cloud users are exposed to privilege escalations from bugs in shared driver software.

GSOh No! Hunting for Vulnerabilities in VirtualBox Network Offloads

Inspired by Pwn2Own, SentinelLabs' researcher Max Van Amerongen discovered three CVEs, including two privilege escalations, in VirtualBox. Read more here.

Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma

SentinelLabs reveals further IoCs, behavior and analysis around suspected APT attack targeting macOS users and Hong Kong pro-democracy activists.
