A Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. Four years running. A Leader in the Gartner® Magic Quadrant™

Read the Report

A Leader in the Gartner® Magic Quadrant™

Experiencing a Breach?

1-855-868-3733
Small Business
Contact
Cybersecurity Blog

en

English
日本語
Deutsch
Español
Français
Italiano
Dutch
한국어

Get a Demo

Platform Overview
Data & AI
Endpoint Security
Cloud Security
Identity Security
- Singularity Identity Identity Threat Detection
  and Response

Why SentinelOne?

Why SentinelOne?
Compare SentinelOne
Verticals

Strategic Services
- PinnacleOne Strategic Advisory Group
Services Overview
Managed Services
Support, Deployment, & Health

Our Network
Program Overview

Resource Center
View All Resources
Blog
Blog
Tech Resources

About

About SentinelOne

en

English
日本語
Deutsch
Español
Français
Italiano
Dutch
한국어

Get a Demo

James Haughom

Including Posts by: Julio Dantas, Julien Reisdorffer

Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool

From the Front Lines | 5 minute read

LockBit Ransomware Side Loads Cobalt Strike Beacon With Legitimate VMware Utility 4

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility

James Haughom / April 27, 2022

Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.

From the Front Lines | Peering into A PYSA Ransomware Attack

From the Front Lines | 14 minute read

From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection

From the Front Lines | 12 minute read

SolarWinds SunBurst Backdoor Inside The Stealthy APT Campaign 1

Advanced Persistent Threat

SolarWinds SUNBURST Backdoor: Inside the APT Campaign

James Haughom / December 18, 2020

A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.

Search

Search ...

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Recent Posts

LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management
December 3, 2024
LABScon24 Replay | A 30-Year Journey from Compilation Student to Decompilation Pioneer
November 26, 2024
CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks
November 25, 2024

Labs Categories

Crimeware
Security Research
Advanced Persistent Threat
Adversary
LABScon
Security & Intelligence

©2024 SentinelOne, All Rights Reserved.

Privacy Notice Master Subscription Agreement

Company

Our Customers
Why SentinelOne
Platform
About
Partners
Support
Careers
Legal & Compliance
Security & Compliance
Contact Us
Investor Relations

Resources

Blog
Labs
Product Tour
Press
News
FAQ
Resources
Ransomware Anthology

Global Headquarters

444 Castro Street
Suite 400
Mountain View, CA 94041

+1-855-868-3733

[email protected]

Sign Up For Our Newsletter

Thank you! You will now receive our weekly newsletter with all recent blog posts. See you soon!

Language

English

English
日本語
Deutsch
Español
Français
Italiano
Dutch
한국어