Labs Archive

LABScon Replay | Breaking Firmware Trust From The Other Side: Exploiting Early Boot Phases (Pre-Efi)

LABScon / December 29, 2022

The first public discussion of changes in the UEFI firmware security runtime from an offensive security perspective with Alex Matrosov.

PDF

Crimeware

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development

Antonio Cocomazzi / December 22, 2022

New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.

PDF

Security Research

11 Problems ChatGPT Can Solve For Reverse Engineers and Malware Analysts

Aleksandar Milenkoski / December 21, 2022

ChatGPT has captured the imagination of many across infosec. Here's how it can superpower the efforts of reversers and malware analysts.

PDF

LABScon

LABScon Replay | Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure

LABScon / December 15, 2022

Vulnerability disclosure in the US lags behind China's NVD, which has a history of providing APT groups with exploits. How can researchers close the gap?

PDF

Adversary | Security & Intelligence

Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers

sentinellabs / December 13, 2022

Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.

PDF

Advanced Persistent Threat

The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques

Aleksandar Milenkoski / December 1, 2022

Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.

PDF

LABScon

LABScon Replay | The Mystery of Metador

LABScon /

An elusive APT is attacking telcos, ISPs and Universities with custom backdoors and attack chains designed to bypass native security solutions.

PDF

LABScon

LABScon Replay | Demystifying Threats to Satellite Communications in Critical Infrastructure

LABScon / November 17, 2022

Satellite communications are an integral part of many Industrial Control Systems, but their usage in critical infrastructure continues to be misunderstood.

PDF

LABScon

LABScon Replay | Are Digital Technologies Eroding the Principle of Distinction in War?

LABScon / November 10, 2022

In recent conflicts, digital technology has become weaponized, eroding the traditional barriers that divide the roles of civilians and combatants.

PDF

Crimeware

SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders

Aleksandar Milenkoski / November 7, 2022

SocGholish operators continue to infect websites at a massive scale, and the threat actor is ramping up its infrastructure to match.

PDF

Category

Labs

LABScon Replay | Breaking Firmware Trust From The Other Side: Exploiting Early Boot Phases (Pre-Efi)

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development

11 Problems ChatGPT Can Solve For Reverse Engineers and Malware Analysts

LABScon Replay | Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure

Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers

The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques

LABScon Replay | The Mystery of Metador

LABScon Replay | Demystifying Threats to Satellite Communications in Critical Infrastructure

LABScon Replay | Are Digital Technologies Eroding the Principle of Distinction in War?

SocGholish Diversifies and Expands Its Malware Staging Infrastructure to Counter Defenders