Labs Archive

Remote Linux Kernel Heap Overflow TIPC Module Allows Arbitrary Code Execution Ftr

CVE-2021-43267: Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution

Max Van Amerongen / November 4, 2021

SentinelLabs has discovered a heap overflow vulnerability in the TIPC module of the Linux Kernel, which can allow attackers to compromise an entire system.

Crimeware

Spook Ransomware | Prometheus Derivative Names Those That Pay, Shames Those That Don’t

Jim Walter / October 28, 2021

New ransomware operator publishes victim details even if they pay. Our technical analysis shows how Spook is connected to other well-known malware families.

Security Research

AlphaGolang | A Step-by-Step Go Malware Reversing Methodology for IDA Pro

Juan Andrés Guerrero-Saade / October 21, 2021

SentinelLabs sets off to dispel the myth that Go malware is hard to reverse engineer. This suite of IDApython scripts will set you well on your way

Karma Ransomware An Emerging Threat With A Hint Of JSWorm Pedigree 6

Crimeware

Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree

Antonis Terefos / October 18, 2021

Exploring the links between Karma and other well-known malware families such as NEMTY and JSWorm, we find further IoCs and an evolving threat.

Case Studies In MacOS Malware String Decryption With Radare2 13

Security Research

Techniques for String Decryption in macOS Malware with Radare2

Phil Stokes / October 12, 2021

In Part 3 of our macOS reversing series, we look at three different macOS malware samples and walk you through how to decipher encrypted strings.

Adversary

New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education

Amitai Ben Shushan Ehrlich / September 30, 2021

Agrius has continued to evolve its toolkit from wiper to ransomware operations, including a recent attack on a higher education facility.

Security Research

Defeating macOS Malware Anti-Analysis Tricks with Radare2

Phil Stokes / September 20, 2021

Learn how to beat malware authors' control flow and avoid executing unwanted parts of their code to analyze macOS malware in radare2.

Security Research

CVE-2021-3437 | HP OMEN Gaming Hub Privilege Escalation Bug Hits Millions of Gaming Devices

Kasif Dekel / September 14, 2021

A high severity flaw in HP's OMEN Gaming Hub software allows any user to escalate privileges to kernel-level mode.

Crimeware

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms

Antonio Pirozzi / September 13, 2021

A new ZLoader campaign abuses Google Ads to target European banking institutions with signed MSI payloads and more than 300 domains.

Advanced Persistent Threat

EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor

Juan Andrés Guerrero-Saade / September 8, 2021

EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.