Agent Tesla | Old RAT Uses New Tricks to Stay on Top
Aside from Dridex, Agent Tesla is the most widely used malware currently targeting businesses. We review its core functionality and latest adaptations.
Read More
Hacking Smart Devices for Fun and Profit
Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.
Read More
Moving From Common-Sense Knowledge About UEFI To Actually Dumping UEFI Firmware
The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.
Read More
WastedLocker Ransomware: Abusing ADS and NTFS File Attributes
WastedLocker is a relatively new ransomware that has been attacking high-value targets across numerous industries, including several Fortune 500 companies.
Read More
Enter the Maze: Demystifying an Affiliate Involved in Maze (SNOW)
SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.
Read More
Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine
A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.
Read More
Living Off Windows Land – A New Native File “downldr”
A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.
Read More
Thanos Ransomware | RIPlace, Bootlocker and More Added to Feature Set
Thanos Ransomware has developed rapidly over the last 6 months, offering a customized RaaS tool with an expanding feature set to build unique payloads.
Read More
Inside a TrickBot Cobalt Strike Attack Server
Analysis of a Cobalt Strike Server leveraged in PowerTrick breaches.
Read More
A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
CVE-2020-9332 is a vulnerability that could allow an attacker to create trusted, fake USB devices and attack Windows machines in new and unexpected ways.
Read More