A cluster of attacks SentinelLabs tracks as DragonSpark uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
WMI-based attacks impact all versions of Windows and can severely impact EDRs. Claudiu Teodorescu explores how they work and how they can be detected.
Paul Rascagneres explores a macOS port of the Windows RokRAT malware and how it bypasses Apple security protections.
The first public discussion of changes in the UEFI firmware security runtime from an offensive security perspective with Alex Matrosov.
New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.
ChatGPT has captured the imagination of many across infosec. Here's how it can superpower the efforts of reversers and malware analysts.
Vulnerability disclosure in the US lags behind China's NVD, which has a history of providing APT groups with exploits. How can researchers close the gap?
Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.
Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.
