The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities
FONIX RaaS uses four methods of encryption per file and leads victims (and affiliates) on a merry dance through multiple emails to obtain decryption.
Read More
Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic
At Sentinel Labs, we have been closely tracking adversarial behavior as it pertains to COVID-19/Coronavirus. To date, we have observed a significant number of malware campaigns, spam campaigns, and outright…
Read More
Multi-Platform SMAUG RaaS Aims To See Off Competitors
Raas (Ransomware-as-a-Service) continues to fuel the cybercrime economy. SMAUG offers Windows, Linux and macOS support among other unique features.
Read More
Case Study: Why You Shouldn’t Trust NTDLL from Kernel Image Load Callbacks
Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.
Read More
Case Study: Catching a Human-Operated Maze Ransomware Attack In Action
Maze operators tailor attacks to the victim’s environment to evade detection. We show how they operate, and reveal a decoded HDA payload among other IOCs.
Read More
Agent Tesla | Old RAT Uses New Tricks to Stay on Top
Aside from Dridex, Agent Tesla is the most widely used malware currently targeting businesses. We review its core functionality and latest adaptations.
Read More
Hacking Smart Devices for Fun and Profit
Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.
Read More
Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware
The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.
Read More
WastedLocker Ransomware: Abusing ADS and NTFS File Attributes
WastedLocker is a relatively new ransomware that has been attacking high-value targets across numerous industries, including several Fortune 500 companies.
Read More
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.
Read More