Labs

Anchor Project For Trickbot Adds ICMP

Anchor Project for Trickbot Adds ICMP

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Read More
Misusing Msvsmon And The Windows Remote Debugger 3

Misusing msvsmon and the Windows Remote Debugger

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Read More
Under The Hood   An Inside Look At How Ryuk Evolved Its Encryption And Evasion Techniques 6

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques

Ryuk’s success is based partly on leveraging other toolkits and vulns, partly on its encryption speed and evasion tricks. We tear it down for a closer look.

Read More
Purple Fox EK   New CVEs Steganography And Virtualization Added To Attack Flow 7

Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow

New research shows that the Purple Fox exploit kit has added new tricks to its attack flow and continues to target vulnerable versions of Internet Explorer.

Read More
Leveraging LD AUDIT To Beat The Traditional Linux Library Preloading Technique 4

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Read More
Moving From Manual RE Of UEFI Modules To Coverage Guided Fuzzing Of UEFI Firmware 3

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

Read More
The FONIX RaaS   New Low Key Threat With Unnecessary Complexities 6

The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities

FONIX RaaS uses four methods of encryption per file and leads victims (and affiliates) on a merry dance through multiple emails to obtain decryption.

Read More
Scams Phishing And Malware   Cyber Attacks Leveraging The COVID 19 CoronaVirus Pandemic 1

Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic

At Sentinel Labs, we have been closely tracking adversarial behavior as it pertains to COVID-19/Coronavirus. To date, we have observed a significant number of malware campaigns, spam campaigns, and outright…

Read More
Multi Platform SMAUG RaaS Aims To See Off Competitors 6

Multi-Platform SMAUG RaaS Aims To See Off Competitors

Raas (Ransomware-as-a-Service) continues to fuel the cybercrime economy. SMAUG offers Windows, Linux and macOS support among other unique features.

Read More
Case Study  Why You Shouldn’t Trust NTDLL From Kernel Image Load Callbacks 2

Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks

Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.

Read More