Labs

LABScon Replay | Quiver – Using Cutting Edge ML to Detect Interesting Command Lines for Hunters

Gal Braun and Dean Langsam explore how LLMs can be trained to parse command lines and perform tasks like attribution and detection.

Automating String Decryption and Other Reverse Engineering Tasks in radare2 With r2pipe

By Phil Stokes

Learn how to drive radare2 with r2pipe for automated binary analysis, string decryption and other common reversing tasks.

LABScon Replay | Star-Gazing: Using a Full Galaxy of YARA Methods to Pursue an Apex Actor

Greg Lesnewich explores how to pursue an apex predator using little more than a local instance of YARA and some publicly available open-source tooling.

Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence

Threat actor targets experts in North Korean affairs with spoofed URLs and weaponized Office documents to steal Google and other credentials.

Radare2 Power Ups | Delivering Faster macOS Malware Analysis With r2 Customization

Learn how to customize radare2 with user-defined aliases, macros and functions for faster and easier binary diffing and analysis.

Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII

A Brazilian threat actor is targeting users of over 30 Portuguese financial institutions with custom backdoors.

Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit

North Korean APT group focuses on file reconnaissance and information exfiltration with latest variant of RandomQuery malware.

LABScon Replay | Does This Look Infected 2 (APT41)

Mandiant researchers Van Ta and Rufus Brown take us on a journey of discovery into the compromise of multiple U.S. Government networks by APT41.

LABScon Replay | Malshare: 10 Years of Running a Public Malware Repository

Silas Cutler, founder of MalShare, explores some of the challenges and rewards of developing and maintaining a free malware repository for researchers.

Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers

Availability of leaked Babuk source code is fuelling a proliferation of file lockers targeting VMware ESXi.