SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
Category

Labs

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine

A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.

Read More

Sanctions Be Damned | From Dridex to Macaw, The Evolution of Evil Corp

What really happened to Evil Corp after the OFAC sanctions? Did they cut and run, or are they still operating with impunity?

Read More

Log4j2 In The Wild | Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon

Threat actor exploits Log4j2 vulnerabilities to drop PowerShell backdoors, harvest credentials, and communicate via legitimate services.

Read More

ModifiedElephant APT and a Decade of Fabricating Evidence

A previously unreported threat actor has been targeting civil society for over a decade. Read about how it operates and its relationships to other threats.

Read More

Firefox JIT Use-After-Frees | Exploiting CVE-2020-26950

Learn how to dive into JIT compilers in JavaScript engines and follow along as we find a new set of exploit primitives in this previously patched bug.

Read More

Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations

Are there still real hacktivists out there or are they all a cover for state-sponsored operations?

Read More

BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims

With victims in the US, Australia and India, BlackCat is a new RaaS making a big impact. Learn more about this unique ransomware's behavior and IoCs.

Read More

Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor

MuddyWater APT's updated toolkit: an evolution of PowGoop malware, abuse of tunneling tools, and targeting of Exchange servers. MuddyWater's activities are attributed to the Iranian Ministry of Intelligence by U.S. Cyber Command.

Read More

CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers

SentinelLabs has discovered a high severity flaw in NetUSB which could be remotely exploited to execute code in the kernel.

Read More

A Threat Hunter’s Guide to the Mac’s Most Prevalent Adware Infections 2022

Mac adware is hidden, persistent, and evasive, fingerprinting devices and delivering custom payloads. Learn how to hunt it on macOS.

Read More