SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
Category

Labs

How AdLoad macOS Malware Continues to Adapt & Evade

AdLoad adware evades Apple’s built-in protections, installs man-in-the-middle proxy & multiple persistence agents to thwart removal. Here’s how to fight it.

Read More

How TrickBot Malware Hooking Engine Targets Windows 10 Browsers

Vitali Kremez revealing how TrickBot’s hooking engine targets Chrome, Firefox, Explorer and Edge in Windows 10

Read More

Writing Malware Traffic Decrypters for ISFB/Ursnif

Daniel Bunce explains how to decrypt traffic between an attacker’s C2 and an endpoint infected with ISFB malware

Read More

Writing Malware Configuration Extractors for ISFB/Ursnif

Daniel Bunce demonstrating automated IOC extraction using a python script and an example of ISFB/Ursnif malware.

Read More

Deep Insight into “FIN7” Malware Chain: From Office Macro Malware to Lightweight JS Loader

Vitali Kremez dissecting the ‘Fin7’ malware chain that leverages malicious MS Office Macros and a JS loader.

Read More

Info Stealers | How Malware Hacks Private User Data

Continuing our free Zero2Hero malware reverse engineering course, Daniel Bunce dives into the details of KPot, Vidar & Raccoon Info Stealers.

Read More

Detecting macOS.GMERA Malware Through Behavioral Inspection

New malware hits macOS with well-worn techniques. Can behavioral detection prevent attacks that evade legacy AV and built-in Apple security?

Read More

Trickbot Update: Brief Analysis of a Recent Trickbot Payload

In many ways, Trickbot parallels the evolution of contemporary threats (such as #Emotet) via its modular and expandable architecture. We took it for a test

Read More

FIN6 “FrameworkPOS”: Point-of-Sale Malware Analysis & Internals

Vitali Kremez diving into the FIN6 “FrameworkPOS”, targeting payment card data from Point-of-Sale (POS) or eCommerce systems.

Read More

RIG Exploit Kit Chain Internals

Vitali Kremez explaining the RIG Exploit Kit and the infection chain internals that led to the Amadey Stealer and Clipboard Hijacker.

Read More