Labs

Sandman APT A Mystery Group Targeting Telcos With A LuaJIT Toolkit 4

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit

Sophisticated threat actor deploys high-end malware utilizing the LuaJIT platform to backdoor telcos in Europe, Middle East and South Asia.

Read More
Cyber Soft Power Chinas Continental Takeover 14

Cyber Soft Power | China’s Continental Takeover

China-aligned threat actors are increasingly involved in strategic intrusions in Africa, aiming to extend the PRC's influence across the continent.

Read More
CapraTube Transparent Tribes CapraRAT Mimics YouTube To Hijack Android Phones 3

CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones

Pakistan-aligned threat actor weaponizes fake YouTube apps on the Android platform to deliver mobile remote access trojan spyware.

Read More
Bloated Binaries How To Detect And Analyze Multi Megabyte MacOS Malware 8

Bloated Binaries | How to Detect and Analyze Large macOS Malware Files

Massive malware binaries are becoming more common on macOS and can cause problems for detection and analysis. Here's how we can successfully deal with them.

Read More
Chinese Entanglement DLL Hijacking In The Asian Gambling Sector By Aleksandar Milenkoski And Tom Hegel 5

Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector

Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector.

Read More
Comrades In Arms North Korea Compromises Sanctioned Russian Missile Engineering Company 1

Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company

North Korean threat actors attempt to further missile program by compromising sanctioned Russian defense company with OpenCarrot backdoor.

Read More
JumpCloud Intrusion Attacker Infrastructure Links Compromise To North Korean APT Activity 5

JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity

North Korean state sponsored APT is behind a new supply chain attack on zero-trust directory platform JumpCloud.

Read More
Cloudy With A Chance Of Credentials AWS Targeting Cred Stealer Expands To Azure GCP 9

Cloudy With a Chance of Credentials | AWS-Targeting Cred Stealer Expands to Azure, GCP

Cloud credentials stealing campaign expands to target Azure and Google Cloud via unpatched web app vulnerabilities.

Read More
Quiver – Using Cutting Edge ML To Detect Interesting Command Lines For Hunters 2

LABScon Replay | Quiver – Using Cutting Edge ML to Detect Interesting Command Lines for Hunters

Gal Braun and Dean Langsam explore how LLMs can be trained to parse command lines and perform tasks like attribution and detection.

Read More
Automating String Decryption And Other Reverse Engineering Tasks In Radare2 With R2pipe By Phil Stokes 1

Automating String Decryption and Other Reverse Engineering Tasks in radare2 With r2pipe

Learn how to drive radare2 with r2pipe for automated binary analysis, string decryption and other common reversing tasks.

Read More