ABOUT
CVE DATABASE
CONTACT
VISIT SENTINELONE.COM

Security Research

Breaking EvilQuest Reversing A Custom MacOS Ransomware File Encryption Routine 8
Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine
Jason Reaves /

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

Read More
Living Off Windows Land A New Native File Downldr 13
Security Research

Living Off Windows Land – A New Native File “downldr”
Gal Kristal /

A newly discovered LOLBin offers an alternative to certutil for helping adversaries download files from a remote server. Meet desktopimgdownldr.exe.

Read More
A Click From The Backyard Analysis Of CVE 2020 9332 A USB Redirection Software Privilege Escalation 3
Security Research

A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software
Michael Myngerbayev /

CVE-2020-9332 is a vulnerability that could allow an attacker to create trusted, fake USB devices and attack Windows machines in new and unexpected ways.

Read More
Sarwent Malware Continues To Evolve With Updated Command Functions 6
Security Research

Sarwent Malware Continues to Evolve With Updated Command Functions
Jason Reaves /

Sarwent has received little attention from researchers, but this backdoor malware is still being actively developed, with new commands and a focus on RDP.

Read More
Privilege Escalation MacOS Malware The Path To Root Part 1 1
Security Research

Privilege Escalation | macOS Malware & The Path to Root Part 1
Phil Stokes /

Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?

Read More
MacOS Incident Response Part 3 System Manipulation 1
Security Research

macOS Incident Response | Part 3: System Manipulation
Phil Stokes /

How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.

Read More
Copy Of Copy Of Gootkit Banking Trojan Deep Dive Into Anti Analysis Features 1
Security Research

Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities
Daniel Bunce /

Reverse engineering Gootkit reveals tricks for persistence, self-updating and a kill switch. Join us as we continue our deep dive into this banking malware

Read More
MacOS Incident Response Part 2 User Data Activity And Behavior 2
Security Research

macOS Incident Response | Part 2: User Data, Activity and Behavior
Phil Stokes /

What can we learn about user activity and behavior on a compromised Mac? Learn about the hidden and obfuscated data stores Apple use on the macOS platform.

Read More
MacOS Incident Response Part 1 Collecting Device File System Data 1
Security Research

macOS Incident Response | Part 1: Collecting Device, File & System Data
Phil Stokes /

How should you investigate an infected Mac? Has there been lateral movement, data exfiltration, system manipulation? Learn macOS incident response here.

Read More
Cybercrime Banload Banking Malware Implements New Techniques For Fraud 1
Security Research

Cybercrime: Groups Behind “Banload” Banking Malware Implement New Techniques
Vitali Kremez /

Cybercriminals aren’t deterred by legacy AV. Learn how the gang behind “Banload” malware used a new kernel driver to remove popular anti-malware solutions.

Read More
1 4 5 6 7