Labs

DragonSpark Attacks Evade Detection With SparkRAT And Golang Source Code Interpretation 1

DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation

A cluster of attacks SentinelLabs tracks as DragonSpark uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.

Read More
NoName05716 The Pro Russian Hacktivist Group Targeting NATO 2

NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO

In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.

Read More
Blasting Event Driven Cornucopia WMI Based User Space Attacks Blind SIEMs And EDRs 3

LABScon Replay | Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs

WMI-based attacks impact all versions of Windows and can severely impact EDRs. Claudiu Teodorescu explores how they work and how they can be detected.

Read More
InkySquid The Missing Arsenal 1

LABScon Replay | InkySquid: The Missing Arsenal

Paul Rascagneres explores a macOS port of the Windows RokRAT malware and how it bypasses Apple security protections.

Read More
Breaking Firmware Trust From The Other Side Exploiting Early Boot Phases Pre EFI 1

LABScon Replay | Breaking Firmware Trust From The Other Side: Exploiting Early Boot Phases (Pre-Efi)

The first public discussion of changes in the UEFI firmware security runtime from an offensive security perspective with Alex Matrosov.

Read More
Custom Branded Ransomware The Vice Society Group And The Threat Of Outsourced Development 3

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development

New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.

Read More
11 Problems ChatGPT Can Solve For Reverse Engineers And Malware Analysts 1

11 Problems ChatGPT Can Solve For Reverse Engineers and Malware Analysts

ChatGPT has captured the imagination of many across infosec. Here's how it can superpower the efforts of reversers and malware analysts.

Read More
Kristin Del Rosso Kristen 1

LABScon Replay | Is CNVD ≥ CVE? A Look at Chinese Vulnerability Discovery and Disclosure

Vulnerability disclosure in the US lags behind China's NVD, which has a history of providing APT groups with exploits. How can researchers close the gap?

Read More
Driving Through Defenses Targeted Attacks Leverage Signed Malicious Microsoft Drivers 8

Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers

Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.

Read More
The Mystery Of Metador An Unattributed Threat Hiding In Telcos ISPs And Universities 3

The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques

Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.

Read More