SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
Category

Labs

New Rook Ransomware Feeds Off the Code of Babuk

Scavenging code leaked from Babuk, Rook's first victim was a bank and the theft of 1123 GB of data. Learn more about this new ransomware operator.

Read More

USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services

25 CVEs and counting: SentinelLabs' latest research reveals millions of cloud users are exposed to privilege escalations from bugs in shared driver software.

Read More

GSOh No! Hunting for Vulnerabilities in VirtualBox Network Offloads

Inspired by Pwn2Own, SentinelLabs' researcher Max Van Amerongen discovered three CVEs, including two privilege escalations, in VirtualBox. Read more here.

Read More

Infect If Needed | A Deeper Dive Into Targeted Backdoor macOS.Macma

SentinelLabs reveals further IoCs, behavior and analysis around suspected APT attack targeting macOS users and Hong Kong pro-democracy activists.

Read More

CVE-2021-43267: Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution

SentinelLabs has discovered a heap overflow vulnerability in the TIPC module of the Linux Kernel, which can allow attackers to compromise an entire system.

Read More

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.

Read More

AlphaGolang | A Step-by-Step Go Malware Reversing Methodology for IDA Pro

SentinelLabs sets off to dispel the myth that Go malware is hard to reverse engineer. This suite of IDApython scripts will set you well on your way

Read More

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.

Read More

Techniques for String Decryption in macOS Malware with Radare2

In Part 3 of our macOS reversing series, we look at three different macOS malware samples and walk you through how to decipher encrypted strings.

Read More

New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education

Agrius has continued to evolve its toolkit from wiper to ransomware operations, including a recent attack on a higher education facility.

Read More