Labs Archive

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Phil Stokes / February 16, 2021

Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.

CVE 2021 24092 Uncovering A 12 Year Old Privilege Escalation Vulnerability In A Windows Defender Driver 6

Security Research

CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender

Kasif Dekel / February 10, 2021

Windows Defender has contained an elevation of privilege vulnerability since at least 2009. Learn more about SentinelOne’s discovery, CVE-2021-24092, here.

Crimeware

Zeoticus 2.0 | Ransomware With No C2 Required

Jim Walter / February 3, 2021

Zeoticus is a Windows-specific ransomware that can execute fully offline with no callback to a C2, making network activity detection rules redundant.

Security Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

Phil Stokes / January 11, 2021

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Crimeware

Greyware’s Anatomy: The “Potentially Unwanted” are Upping Their Game

Mike Dvorkin / January 7, 2021

Adware infections may appear unremarkable at first, but in this example incident analysis we demonstrate their growing sophistication and risk.

Security Research

Building a Custom Malware Analysis Lab Environment

Marco Figueroa / January 4, 2021

Building the right malware analysis environment is the first step for every researcher. We show how it’s done and offer some free custom tools for your use.

Advanced Persistent Threat

SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan

Marco Figueroa / December 23, 2020

Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.

SolarWinds SunBurst Backdoor Inside The Stealthy APT Campaign 1

Advanced Persistent Threat

SolarWinds SUNBURST Backdoor: Inside the APT Campaign

James Haughom / December 18, 2020

A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.

Our CVEs

SentinelLABS / December 16, 2020

Explore the world of enterprise software vulnerabilities discovered by our leading researchers

Introducing SentinelOnes Ghidra SRE Plugin For VirusTotal 4

Security Research

Introducing SentinelOne’s Ghidra Plugin for VirusTotal

Kasif Dekel / December 14, 2020

Ghidra users can now enjoy the same (and more!) benefits available in IDA Pro from VirusTotal’s VTGrep plugin with this open source plugin from SentinelLabs.