ABOUT
CVE DATABASE
CONTACT
VISIT SENTINELONE.COM

Security Research

Resourceful MacOS Malware Hides In Named Fork 5
Security Research

Resourceful macOS Malware Hides in Named Fork
Phil Stokes /

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Read More
Moving From Dynamic Emulation Of UEFI Modules To Coverage Guided Fuzzing Of UEFI Firmware 1
Security Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware
Assaf Carlsbad /

In Part 3 of our series on emulating, debugging and fuzzing UEFI modules, we provide a step-by-step guide to making a coverage-guided fuzzer for UEFI code.

Read More
Misusing Msvsmon And The Windows Remote Debugger 3
Security Research

Misusing msvsmon and the Windows Remote Debugger
Michael Myngerbayev /

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Read More
Leveraging LD AUDIT To Beat The Traditional Linux Library Preloading Technique 4
Security Research

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique
Lior Ribak /

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Read More
Moving From Manual RE Of UEFI Modules To Coverage Guided Fuzzing Of UEFI Firmware 3
Security Research

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware
Assaf Carlsbad /

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

Read More
Case Study Why You Shouldn’t Trust NTDLL From Kernel Image Load Callbacks 2
Security Research

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks
Kasif Dekel /

Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.

Read More
Hacking Smart Devices For Fun Profit 3
Security Research

Hacking Smart Devices for Fun and Profit
Barak Sternberg /

Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.

Read More
Moving From Common Sense Knowledge About UEFI To Actually Dumping UEFI Firmware 6
Security Research

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware
Assaf Carlsbad /

The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.

Read More
Breaking EvilQuest Reversing A Custom MacOS Ransomware File Encryption Routine 8
Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine
Jason Reaves /

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

Read More
Living Off Windows Land A New Native File Downldr 13
Security Research

Living Off Windows Land – A New Native File “downldr”
Gal Kristal /

A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.

Read More
1 3 4 5 6