ABOUT
CVE DATABASE
CONTACT
VISIT SENTINELONE.COM

Labs

Ranzy Ransomware Better Encryption Among New Features Of ThunderX Derivative 5
Crimeware

Ranzy Ransomware | Better Encryption Among New Features of ThunderX Derivative
Jim Walter /

The Ranzy ransomware operators have learned from their mistakes and adapted quickly after ThunderX decryptors became publicly available.

Read More
Resourceful MacOS Malware Hides In Named Fork 5
Security Research

Resourceful macOS Malware Hides in Named Fork
Phil Stokes /

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Read More
Moving From Dynamic Emulation Of UEFI Modules To Coverage Guided Fuzzing Of UEFI Firmware 1
Security Research

Moving From Dynamic Emulation of UEFI Modules To Coverage-Guided Fuzzing of UEFI Firmware
Assaf Carlsbad /

In Part 3 of our series on emulating, debugging and fuzzing UEFI modules, we provide a step-by-step guide to making a coverage-guided fuzzer for UEFI code.

Read More
Anchor Project For Trickbot Adds ICMP
Crimeware

Anchor Project for Trickbot Adds ICMP
Jason Reaves /

The team behind Trickbot has been aggressively updating and deploying various modules including Anchor and Bazar Loader targeting high-value targets, including healthcare entities

Read More
Misusing Msvsmon And The Windows Remote Debugger 3
Security Research

Misusing msvsmon and the Windows Remote Debugger
Michael Myngerbayev /

The ability to remotely debug an application is a useful feature, but msvsmon.exe has security implications that organizations need to be aware of.

Read More
Under The Hood An Inside Look At How Ryuk Evolved Its Encryption And Evasion Techniques 6
Crimeware

An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
Marco Figueroa /

Ryuk’s success is based partly on leveraging other toolkits and vulns, partly on its encryption speed and evasion tricks. We tear it down for a closer look.

Read More
Purple Fox EK New CVEs Steganography And Virtualization Added To Attack Flow 7
Crimeware

Purple Fox EK | New CVEs, Steganography, and Virtualization Added to Attack Flow
Gal Kristal /

New research shows that the Purple Fox exploit kit has added new tricks to its attack flow and continues to target vulnerable versions of Internet Explorer.

Read More
Leveraging LD AUDIT To Beat The Traditional Linux Library Preloading Technique 4
Security Research

Leveraging LD_AUDIT to Beat the Traditional Linux Library Preloading Technique
Lior Ribak /

Abusing LD_PRELOAD to intercept library calls on Linux is a known threat actor technique, but it’s possible to load libaries even before that. Meet LD_AUDIT

Read More
Moving From Manual RE Of UEFI Modules To Coverage Guided Fuzzing Of UEFI Firmware 3
Security Research

Moving From Manual Reverse Engineering of UEFI Modules To Dynamic Emulation of UEFI Firmware
Assaf Carlsbad /

Learn how to emulate, trace, debug, and Reverse Engineer UEFI modules in part 2 of our new blog series on Firmware Security

Read More
The FONIX RaaS New Low Key Threat With Unnecessary Complexities 6
Crimeware

The FONIX RaaS | New Low-Key Threat with Unnecessary Complexities
Jim Walter /

FONIX RaaS uses four methods of encryption per file and leads victims (and affiliates) on a merry dance through multiple emails to obtain decryption.

Read More
1 16 17 18 19 20 23