Bypassing macOS TCC User Privacy Protections By Accident and Design
TCC is meant to protect user data from unauthorized access, but design flaws mean users and malware can bypass TCC, even by accident.
Read More
TCC is meant to protect user data from unauthorized access, but design flaws mean users and malware can bypass TCC, even by accident.
Update your Dell devices now! SentinelLabs discover five high severity flaws in Dell firmware update driver impacting desktops, laptops, notebooks and more.
In Part 4 of our UEFI Internals and Exploitation series, we abandon VMs and dive into UEFI on a physical machine. The quest: recovery of the S3 Boot Script.
Security researchers – don’t infect your own device! Now you can analyze malware samples in memory using SentinelOne’s Memory Loader plugin for IDA Pro.
Get your malware analysis toolkit up-to-speed! From disassemblers and debuggers to hex editors and SSL interception tools, you’ll find them all here.
Automation is the key to becoming a more effective malware analyst, and Ghidra scripting is an essential tool in your arsenal. Get started here!
Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.
Windows Defender has contained an elevation of privilege vulnerability since at least 2009. Learn more about SentinelOne’s discovery, CVE-2021-24092, here.
We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.
Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.