Security Research

Bypassing MacOS TCC User Privacy Protections By Accident And Design 8

Bypassing macOS TCC User Privacy Protections By Accident and Design

TCC is meant to protect user data from unauthorized access, but design flaws mean users and malware can bypass TCC, even by accident.

Read More
Hundreds Of Millions Of Dell Computers At Risk Due To Multiple BIOS Driver Privilege Escalation Flaws 11

CVE-2021-21551- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws

Update your Dell devices now! SentinelLabs discover five high severity flaws in Dell firmware update driver impacting desktops, laptops, notebooks and more.

Read More
Adventures From UEFI Land  The Hunt For The S3 Boot Script 1

Adventures From UEFI Land: the Hunt For the S3 Boot Script

In Part 4 of our UEFI Internals and Exploitation series, we abandon VMs and dive into UEFI on a physical machine. The quest: recovery of the S3 Boot Script.

Read More
Keep Malware Off Your Disk With SentinelOnes IDA Pro Memory Loader Plugin 2

Keep Malware Off Your Disk With SentinelOne’s IDA Pro Memory Loader Plugin

Security researchers – don’t infect your own device! Now you can analyze malware samples in memory using SentinelOne’s Memory Loader plugin for IDA Pro.

Read More
Top 15 Essential Malware Analysis Tools 4

Top 15 Essential Malware Analysis Tools

Get your malware analysis toolkit up-to-speed! From disassemblers and debuggers to hex editors and SSL interception tools, you’ll find them all here.

Read More
A Guide To Ghidra Scripting Development For Malware Researchers 3

A Guide to Ghidra Scripting Development for Malware Researchers

Automation is the key to becoming a more effective malware analyst, and Ghidra scripting is an essential tool in your arsenal. Get started here!

Read More
20 Common Tools Techniques Used By MacOS Threat Actors Malware 6

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.

Read More
CVE 2021 24092  Uncovering A 12 Year Old Privilege Escalation Vulnerability In A Windows Defender Driver 6

CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender

Windows Defender has contained an elevation of privilege vulnerability since at least 2009. Learn more about SentinelOne’s discovery, CVE-2021-24092, here.

Read More
FADE DEAD   Adventures In Reversing Malicious Run Only AppleScripts 2

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Read More
Building A Custom Malware Analysis Lab Environment 2

Building a Custom Malware Analysis Lab Environment

Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.

Read More