At Sentinel Labs, we have been closely tracking adversarial behavior as it pertains to COVID-19/Coronavirus. To date, we have observed a significant number of malware campaigns, spam campaigns, and outright…
Raas (Ransomware-as-a-Service) continues to fuel the cybercrime economy. SMAUG offers Windows, Linux and macOS support among other unique features.
Read how we discovered and exploited several severe flaws in a security product’s kernel mode driver due to a lack of user mode input validation.
Maze operators tailor attacks to the victim’s environment to evade detection. We show how they operate, and reveal a decoded HDA payload among other IOCs.
Aside from Dridex, Agent Tesla is the most widely used malware currently targeting businesses. We review its core functionality and latest adaptations.
Presented at DEF CON 28 (2020), this is the story of how SentinelOne researcher Barak Sternberg found four IoT vulnerabilities in thousands of smart devices.
The first in a series of posts for researchers on how to emulate, debug and fuzz UEFI modules, we begin with a refresher on how to dump SPI flash memory.
WastedLocker is a relatively new ransomware that has been attacking high-value targets across numerous industries, including several Fortune 500 companies.
SentinelLabs profiles an affiliate involved with Maze ransomware and details the actor’s involvement with other crimeware families, including TrickBot.
A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.
