ABOUT

VISIT SENTINELONE.COM

Security Research

Case Study Why You Shouldn’t Trust NTDLL From Kernel Image Load Callbacks 2

Security Research

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Kasif Dekel / August 27, 2020

Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.

Hacking Smart Devices For Fun Profit 3

Security Research

Hacking Smart Devices for Fun and Profit

Barak Sternberg / August 8, 2020

Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.

Moving From Common Sense Knowledge About UEFI To Actually Dumping UEFI Firmware 6

Security Research

Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware

Assaf Carlsbad / August 5, 2020

The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.

Breaking EvilQuest Reversing A Custom MacOS Ransomware File Encryption Routine 8

Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

Jason Reaves / July 7, 2020

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

Living Off Windows Land A New Native File Downldr 13

Security Research

Living Off Windows Land – A New Native File “downldr”

Gal Kristal / July 2, 2020

A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.

A Click From The Backyard Analysis Of CVE 2020 9332 A USB Redirection Software Privilege Escalation 3

Security Research

A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software

Michael Myngerbayev / June 17, 2020

CVE-2020-9332 is a vulnerability that could allow an attacker to create trusted, fake USB devices and attack Windows machines in new and unexpected ways.

Sarwent Malware Continues To Evolve With Updated Command Functions 6

Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions

Jason Reaves / May 21, 2020

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Privilege Escalation MacOS Malware The Path To Root Part 1 1

Security Research

Privilege Escalation | macOS Malware & The Path to Root Part 1

Phil Stokes / November 6, 2019

Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?

MacOS Incident Response Part 3 System Manipulation 1

Security Research

macOS Incident Response | Part 3: System Manipulation

Phil Stokes / September 4, 2019

How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.

Copy Of Copy Of Gootkit Banking Trojan Deep Dive Into Anti Analysis Features 1

Security Research

Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities

Daniel Bunce / August 29, 2019

Reverse engineering Gootkit reveals tricks for persistence, self-updating and a kill switch. Join us as we continue our deep dive into this banking malware

1 … 4 5 6 7

Next

Search

Search ...

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Recent Posts

PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
October 22, 2025
LABScon25 Replay | Auto-Poking The Bear: Analytical Tradecraft In The AI Age
October 9, 2025
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
September 19, 2025

Labs Categories

Crimeware
Security Research
Advanced Persistent Threat
Adversary
LABScon
Security & Intelligence

SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances of operating as elite corporate espionage teams.

Recent Posts

PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
October 22, 2025
LABScon25 Replay | Auto-Poking The Bear: Analytical Tradecraft In The AI Age
October 9, 2025
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
September 19, 2025

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Twitter
LinkedIn

©2025 SentinelOne, All Rights Reserved.