ABOUT

VISIT SENTINELONE.COM

Security Research

20 Common Tools Techniques Used By MacOS Threat Actors Malware 6

Security Research

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Phil Stokes / February 16, 2021

Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.

CVE 2021 24092 Uncovering A 12 Year Old Privilege Escalation Vulnerability In A Windows Defender Driver 6

Security Research

CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender

Kasif Dekel / February 10, 2021

Windows Defender has contained an elevation of privilege vulnerability since at least 2009. Learn more about SentinelOne’s discovery, CVE-2021-24092, here.

FADE DEAD Adventures In Reversing Malicious Run Only AppleScripts 2

Security Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

Phil Stokes / January 11, 2021

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Building A Custom Malware Analysis Lab Environment 2

Security Research

Building a Custom Malware Analysis Lab Environment

Marco Figueroa / January 4, 2021

Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.

Introducing SentinelOnes Ghidra SRE Plugin For VirusTotal 4

Security Research

Introducing SentinelOne’s Ghidra Plugin for VirusTotal

Kasif Dekel / December 14, 2020

Ghidra users can now enjoy the same (and more!) benefits available in IDA Pro from VirusTotal’s VTGrep plugin with this open source plugin from SentinelLabs.

Resourceful MacOS Malware Hides In Named Fork 5

Security Research

Resourceful macOS Malware Hides in Named Fork

Phil Stokes / November 5, 2020

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Moving From Dynamic Emulation Of UEFI Modules To Coverage Guided Fuzzing Of UEFI Firmware 1

Security Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware

Assaf Carlsbad / November 2, 2020

In Part 3 of our series on emulating, debugging and fuzzing UEFI modules, we provide a step-by-step guide to making a coverage-guided fuzzer for UEFI code.

Misusing Msvsmon And The Windows Remote Debugger 3

Security Research

Misusing msvsmon and the Windows Remote Debugger

Michael Myngerbayev / October 26, 2020

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Leveraging LD AUDIT To Beat The Traditional Linux Library Preloading Technique 4

Security Research

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Lior Ribak / October 13, 2020

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Moving From Manual RE Of UEFI Modules To Coverage Guided Fuzzing Of UEFI Firmware 3

Security Research

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Assaf Carlsbad / October 8, 2020

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

1 … 3 4 5 6 7

Next

Search

Search ...

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Recent Posts

PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
October 22, 2025
LABScon25 Replay | Auto-Poking The Bear: Analytical Tradecraft In The AI Age
October 9, 2025
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
September 19, 2025

Labs Categories

Crimeware
Security Research
Advanced Persistent Threat
Adversary
LABScon
Security & Intelligence

SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances of operating as elite corporate espionage teams.

Recent Posts

PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
October 22, 2025
LABScon25 Replay | Auto-Poking The Bear: Analytical Tradecraft In The AI Age
October 9, 2025
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
September 19, 2025

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Twitter
LinkedIn

©2025 SentinelOne, All Rights Reserved.