New! CNAPP That Helps You Think Like an Attacker with Singularity Cloud Native Security. Learn More New! Singularity™ Cloud Native Security

Experiencing a Breach?

Small Business
Contact
Cybersecurity Blog

en

English
日本語
Deutsch
Español
Français
Italiano
Dutch
한국어

Platform Overview
Data & AI
Endpoint Security
Cloud Security
Identity Security
- Singularity Identity Identity Threat Detection
  and Response
- Singularity Hologram Deception Protection

Why SentinelOne?

Why SentinelOne?
Compare SentinelOne
Verticals

Strategic Services
- PinnacleOne Strategic Advisory Group
Services Overview
Threat Services
Support, Deployment, & Health

Our Network
Program Overview

Resource Center
View All Resources
Blog
Blog
Tech Resources

About SentinelOne

en

English
日本語
Deutsch
Español
Français
Italiano
Dutch
한국어

James Haughom

Including Posts by: Julio Dantas, Julien Reisdorffer

Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool

From the Front Lines | 5 minute read

LockBit Ransomware Side Loads Cobalt Strike Beacon With Legitimate VMware Utility 4

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility

James Haughom / April 27, 2022

Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.

From the Front Lines | Peering into A PYSA Ransomware Attack

From the Front Lines | 14 minute read

From the Front Lines | Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection

From the Front Lines | 12 minute read

SolarWinds SunBurst Backdoor Inside The Stealthy APT Campaign 1

Advanced Persistent Threat

SolarWinds SUNBURST Backdoor: Inside the APT Campaign

James Haughom / December 18, 2020

A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.

Search

Search ...

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Recent Posts

CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts
July 1, 2024
ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
June 26, 2024
LABScon23 Replay | macOS Components Used in North Korean Crypto-Heists
May 8, 2024

Labs Categories

Crimeware
Security Research
Advanced Persistent Threat
Adversary
LABScon
Security & Intelligence

©2024 SentinelOne, All Rights Reserved.

Privacy Notice Master Subscription Agreement

Company

Our Customers
Why SentinelOne
Platform
About
Partners
Support
Careers
Legal & Compliance
Security & Compliance
Contact Us
Investor Relations

Resources

Blog
Labs
Hack Chat
Press
News
FAQ
Resources
Ransomware Anthology

Global Headquarters

444 Castro Street
Suite 400
Mountain View, CA 94041

+1-855-868-3733

[email protected]

Sign Up For Our Newsletter

Thank you! You will now receive our weekly newsletter with all recent blog posts. See you soon!

Language

English

English
日本語
Deutsch
Español
Français
Italiano
Dutch
한국어