Labs Archive

LLMs in the SOC (Part 1) | Why Benchmarks Fail Security Operations Teams

Gabriel Bernadett-Shapiro & Edir Garcia Lazo / January 20, 2026

LLM cybersecurity benchmarks fail to measure what defenders need: faster detection, reduced containment time, and better decisions under pressure.

LABScon

LABScon25 Replay | Hacktivism and War: A Clarifying Discussion

LABScon / January 14, 2026

Jim Walter unpacks the hacktivist landscape and reveals how to distinguish different levels of threat based on persona characteristics.

Security Research

Inside the LLM | Understanding AI & the Mechanics of Modern Attacks

Phil Stokes / January 13, 2026

Learn how attackers exploit tokenization, embeddings and LLM attention mechanisms to bypass LLM security filters and hijack model behavior.

Security & Intelligence

LLMs & Ransomware | An Operational Accelerator, Not a Revolution

Gabriel Bernadett-Shapiro, Jim Walter & Alex Delamotte / December 15, 2025

LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.

Security & Intelligence

Malicious Apprentice | How Two Hackers Went From Cisco Academy to Cisco CVEs

Dakota Cary / December 10, 2025

Read how two Cisco Network Academy Cup winners went from students to operators behind Salt Typhoon, a global cyber espionage campaign targeting telecoms.

LABScon

LABScon25 Replay | Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations

LABScon / November 25, 2025

Mei Danowski & Eugenio Benincasa unpack how Chinese firms running attack-defense exercises fuel state-linked offensive cyber operations.

Security Research

Threat Hunting Power Up | Enhance Campaign Discovery With Validin and Synapse

Tomas Gatial / November 17, 2025

Accelerate adversary tracking and reveal hidden infrastructure with our open-source Synapse Rapid Power-Up for Validin.

LABScon

LABScon25 Replay | LLM-Enabled Malware In the Wild

LABScon / November 3, 2025

Learn how to detect malware that generates code at runtime. SentinelLABS reveals hunting techniques and how to uncover novel AI-enabled threats.

Adversary

PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation

Tom Hegel / October 22, 2025

SentinelLABS uncovers a coordinated spearphishing campaign targeting organizations critical to Ukraine's war relief efforts.

LABScon

LABScon25 Replay | Auto-Poking The Bear: Analytical Tradecraft In The AI Age

LABScon / October 9, 2025

AI agents promise speed, but at what cost to trust? Dreadnode’s Wendiggensen & Palm unpack this dilemma through a hands-on study of leaked Russian data.

LABScon25 Replay | How to Bug Hotel Rooms v2.0

LLMs in the SOC (Part 1) | Why Benchmarks Fail Security Operations Teams

LABScon25 Replay | Hacktivism and War: A Clarifying Discussion

Inside the LLM | Understanding AI & the Mechanics of Modern Attacks

LLMs & Ransomware | An Operational Accelerator, Not a Revolution

Malicious Apprentice | How Two Hackers Went From Cisco Academy to Cisco CVEs

LABScon25 Replay | Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations

Threat Hunting Power Up | Enhance Campaign Discovery With Validin and Synapse

LABScon25 Replay | LLM-Enabled Malware In the Wild

PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation

LABScon25 Replay | Auto-Poking The Bear: Analytical Tradecraft In The AI Age