Security & Intelligence

LLMs & Ransomware | An Operational Accelerator, Not a Revolution

LLMs make competent ransomware crews faster and novices more dangerous. The risk is not superintelligent malware, but rather industrialized extortion.

Security & Intelligence

Malicious Apprentice | How Two Hackers Went From Cisco Academy to Cisco CVEs

Dakota Cary / December 10, 2025

Read how two Cisco Network Academy Cup winners went from students to operators behind Salt Typhoon, a global cyber espionage campaign targeting telecoms.

LABScon

LABScon25 Replay | Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations

LABScon / November 25, 2025

Mei Danowski & Eugenio Benincasa unpack how Chinese firms running attack-defense exercises fuel state-linked offensive cyber operations.

Security Research

Threat Hunting Power Up | Enhance Campaign Discovery With Validin and Synapse

Tomas Gatial / November 17, 2025

Accelerate adversary tracking and reveal hidden infrastructure with our open-source Synapse Rapid Power-Up for Validin.

LABScon

LABScon25 Replay | LLM-Enabled Malware In the Wild

LABScon / November 3, 2025

Learn how to detect malware that generates code at runtime. SentinelLABS reveals hunting techniques and how to uncover novel AI-enabled threats.

Adversary

PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation

Tom Hegel / October 22, 2025

SentinelLABS uncovers a coordinated spearphishing campaign targeting organizations critical to Ukraine's war relief efforts.

LABScon

LABScon25 Replay | Auto-Poking The Bear: Analytical Tradecraft In The AI Age

LABScon / October 9, 2025

AI agents promise speed, but at what cost to trust? Dreadnode’s Wendiggensen & Palm unpack this dilemma through a hands-on study of leaked Russian data.

Security Research

Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware

Alex Delamotte, Vitaly Kamluk & Gabriel Bernadett-Shapiro / September 19, 2025

LLM-enabled malware poses new challenges for detection. SentinelLABS presents groundbreaking research on how to hunt for this new class of threats.

Adversary

Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms

Aleksandar Milenkoski, Sreekar Madabushi (Validin) & Kenneth Kinion (Validin) / September 4, 2025

DPRK-aligned threat actors abuse CTI platforms to detect infrastructure exposure and scout for new assets.

Crimeware

Smart Contract Scams | Ethereum Drainers Pose as Trading Bots to Steal Crypto

Alex Delamotte / August 5, 2025

Crypto scammers use fake YouTube bots, AI videos, and obfuscated smart contracts to steal $900K+, targeting unwary traders.

Advanced Persistent Threat

Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem

Jim Walter, Alex Delamotte, Beazley Security’s Francisco Donoso, Sam Mayers, Tell Hause & Bobby Venal / August 4, 2025

PXA Stealer uses advanced evasion and Telegram C2 to steal global victim data, fueling a thriving cybercrime market.


Recent Posts

  • LLMs & Ransomware | An Operational Accelerator, Not a Revolution
    December 15, 2025
  • Malicious Apprentice | How Two Hackers Went From Cisco Academy to Cisco CVEs
    December 10, 2025
  • LABScon25 Replay | Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations
    November 25, 2025

Labs Categories

  • Crimeware
  • Security Research
  • Advanced Persistent Threat
  • Adversary
  • LABScon
  • Security & Intelligence

SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances and operating as elite corporate espionage teams.

©2025 SentinelOne, All Rights Reserved.